|
81937 | 81937 | "session_types": false,
|
81938 | 81938 | "needs_cleanup": null
|
81939 | 81939 | },
|
| 81940 | + "exploit_linux/http/watchguard_firebox_unauth_rce_cve_2022_26318": { |
| 81941 | + "name": "WatchGuard XTM Firebox Unauthenticated Remote Command Execution", |
| 81942 | + "fullname": "exploit/linux/http/watchguard_firebox_unauth_rce_cve_2022_26318", |
| 81943 | + "aliases": [ |
| 81944 | + |
| 81945 | + ], |
| 81946 | + "rank": 400, |
| 81947 | + "disclosure_date": "2022-08-29", |
| 81948 | + "type": "exploit", |
| 81949 | + "author": [ |
| 81950 | + "h00die-gr3y < [email protected]>", |
| 81951 | + "Charles Fol (Ambionics Security)", |
| 81952 | + "Dylan Pindur (AssetNote)", |
| 81953 | + "Misterxid" |
| 81954 | + ], |
| 81955 | + "description": "This module exploits a buffer overflow at the administration interface (8080 or 4117) of WatchGuard Firebox\n and XTM appliances which is built from a cherrypy python backend sending XML-RPC requests to a C binary\n called wgagent using pre-authentication endpoint /agent/login.\n This vulnerability impacts Fireware OS before 12.7.2_U2, 12.x before 12.1.3_U8, and 12.2.x through 12.5.x\n before 12.5.9_U2. Successful exploitation results in remote code execution as user nobody.", |
| 81956 | + "references": [ |
| 81957 | + "CVE-2022-26318", |
| 81958 | + "URL-https://www.ambionics.io/blog/hacking-watchguard-firewalls", |
| 81959 | + "URL-https://www.assetnote.io/resources/research/diving-deeper-into-watchguard-pre-auth-rce-cve-2022-26318", |
| 81960 | + "URL-https://github.com/misterxid/watchguard_cve-2022-26318", |
| 81961 | + "URL-https://attackerkb.com/topics/t8Nrnu99ZE/cve-2022-26318" |
| 81962 | + ], |
| 81963 | + "platform": "Unix", |
| 81964 | + "arch": "cmd", |
| 81965 | + "rport": 8080, |
| 81966 | + "autofilter_ports": [ |
| 81967 | + 80, |
| 81968 | + 8080, |
| 81969 | + 443, |
| 81970 | + 8000, |
| 81971 | + 8888, |
| 81972 | + 8880, |
| 81973 | + 8008, |
| 81974 | + 3000, |
| 81975 | + 8443 |
| 81976 | + ], |
| 81977 | + "autofilter_services": [ |
| 81978 | + "http", |
| 81979 | + "https" |
| 81980 | + ], |
| 81981 | + "targets": [ |
| 81982 | + "Automatic (Reverse Python Interactive Shell)" |
| 81983 | + ], |
| 81984 | + "mod_time": "2024-03-28 08:43:08 +0000", |
| 81985 | + "path": "/modules/exploits/linux/http/watchguard_firebox_unauth_rce_cve_2022_26318.rb", |
| 81986 | + "is_install_path": true, |
| 81987 | + "ref_name": "linux/http/watchguard_firebox_unauth_rce_cve_2022_26318", |
| 81988 | + "check": true, |
| 81989 | + "post_auth": false, |
| 81990 | + "default_credential": false, |
| 81991 | + "notes": { |
| 81992 | + "Stability": [ |
| 81993 | + "service-resource-loss" |
| 81994 | + ], |
| 81995 | + "SideEffects": [ |
| 81996 | + "artifacts-on-disk", |
| 81997 | + "ioc-in-logs" |
| 81998 | + ], |
| 81999 | + "Reliability": [ |
| 82000 | + "repeatable-session" |
| 82001 | + ] |
| 82002 | + }, |
| 82003 | + "session_types": false, |
| 82004 | + "needs_cleanup": null |
| 82005 | + }, |
81940 | 82006 | "exploit_linux/http/wd_mycloud_multiupload_upload": {
|
81941 | 82007 | "name": "Western Digital MyCloud multi_uploadify File Upload Vulnerability",
|
81942 | 82008 | "fullname": "exploit/linux/http/wd_mycloud_multiupload_upload",
|
|