Metasploit Weekly Wrap-Up 03/22/2024

New module content (1)


OpenNMS Horizon Authenticated RCE


Author: Erik Wynter
Type: Exploit
Pull request: #18618 contributed by ErikWynter
Path: linux/http/opennms_horizon_authenticated_rce
AttackerKB reference: CVE-2023-0872


Description: This module exploits built-in functionality in OpenNMS Horizon in order to execute arbitrary commands as the opennms user. For versions 32.0.2 and higher, this module requires valid credentials for a user with ROLE_FILESYSTEM_EDITOR privileges and either ROLE_ADMIN or ROLE_REST. For versions 32.0.1 and lower, credentials are required for a user with ROLE_FILESYSTEM_EDITOR, ROLE_REST, and/or ROLE_ADMIN privileges.


Enhancements and features (5)


#18838 from SickMcNugget - This adds support for Debian and includes a number of fixes and improvements for the runc_cwd_priv_esc module. Prior to this fix, the module would incorrectly report as vulnerable some of the versions to which the patch had been backported.
#18841 from randomstr1ng - This PR updates the sap_icm_paths.txt wordlist with the newest entries.
#18885 from errorxyz - Enhances the sessions command so that both Meterpreter and the top-level Metasploit prompt support sessions -i -1.
#18978 from dwelch-r7 - This PR updates several login modules to now display some messaging to the end of ..