-
Notifications
You must be signed in to change notification settings - Fork 13.8k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Add Sophos UTM CVE-2020-25223 exploit #15783
Conversation
wvu
commented
Oct 20, 2021
•
edited
Loading
edited
92a0a28
to
9cc453c
Compare
c5bb2f3
to
980c7f7
Compare
In testing I found the bash Might be worth supporting that in the module? |
modules/exploits/linux/http/sophos_utm_webadmin_sid_cmd_injection.rb
Outdated
Show resolved
Hide resolved
@darrenmartyn: I wouldn't be surprised, but I'd rather fix the payload than every module where it applies. IOW, we have the support; it's Metasploit itself that's broken. There's also still Did you test a Perl reverse shell? The system is built on Perl. I selected the default payload based on that, but there's always room for improvement. Update: #15875 should fix this issue. |
Everything appears to be working correctly. I tested the check method against a vulnerable and patched instance as well as multiple payloads. Testing Output
|
I'll be adding additional documentation as per @smcintyre-r7's suggestion. Thanks. |
a0ae41e
to
32da15f
Compare
For consistency.
@smcintyre-r7, cleared to land runway |
Release NotesThis adds an exploit for CVE-2020-25223 which is an unauthenticated RCE within the Sophos UTM WebAdmin service. Exploitation results in OS command execution as the root user. |
See rapid7/rex-core#17. |