automatic module_metadata_base.json update

2024-03-20 15:10:21 -05:00 · 2024-03-20 15:10:21 -05:00 · a0d162bc9f
parent 2b90d33aef
commit a0d162bc9f
1 changed files with 60 additions and 0 deletions
--- a/db/modules_metadata_base.json
+++ b/db/modules_metadata_base.json
@ -76752,6 +76752,66 @@
    "session_types": false,
    "needs_cleanup": null
  },
+  "exploit_linux/http/opennms_horizon_authenticated_rce": {
+    "name": "OpenNMS Horizon Authenticated RCE",
+    "fullname": "exploit/linux/http/opennms_horizon_authenticated_rce",
+    "aliases": [
+
+    ],
+    "rank": 600,
+    "disclosure_date": "2023-07-01",
+    "type": "exploit",
+    "author": [
+      "Erik Wynter"
+    ],
+    "description": "This module exploits built-in functionality in OpenNMS\n          Horizon in order to execute arbitrary commands as the\n          opennms user. For versions 32.0.2 and higher, this\n          module requires valid credentials for a user with\n          ROLE_FILESYSTEM_EDITOR privileges and either\n          ROLE_ADMIN or ROLE_REST.\n\n          For versions 32.0.1 and lower, credentials are\n          required for a user with ROLE_FILESYSTEM_EDITOR,\n          ROLE_REST, and/or ROLE_ADMIN privileges. In that case,\n          the module will automatically escalate privileges via\n          CVE-2023-40315 or CVE-2023-0872 if necessary.\n\n          This module has been successfully tested against OpenNMS\n          version 31.0.7",
+    "references": [
+      "CVE-2023-40315",
+      "CVE-2023-0872"
+    ],
+    "platform": "Linux",
+    "arch": "ARCH_CMD",
+    "rport": 8980,
+    "autofilter_ports": [
+      80,
+      8080,
+      443,
+      8000,
+      8888,
+      8880,
+      8008,
+      3000,
+      8443
+    ],
+    "autofilter_services": [
+      "http",
+      "https"
+    ],
+    "targets": [
+      "Linux"
+    ],
+    "mod_time": "2024-03-20 11:39:19 +0000",
+    "path": "/modules/exploits/linux/http/opennms_horizon_authenticated_rce.rb",
+    "is_install_path": true,
+    "ref_name": "linux/http/opennms_horizon_authenticated_rce",
+    "check": true,
+    "post_auth": true,
+    "default_credential": false,
+    "notes": {
+      "Stability": [
+        "crash-safe"
+      ],
+      "SideEffects": [
+        "artifacts-on-disk",
+        "ioc-in-logs"
+      ],
+      "Reliability": [
+        "repeatable-session"
+      ]
+    },
+    "session_types": false,
+    "needs_cleanup": null
+  },
  "exploit_linux/http/opentsdb_key_cmd_injection": {
    "name": "OpenTSDB 2.4.1 unauthenticated command injection",
    "fullname": "exploit/linux/http/opentsdb_key_cmd_injection",