automatic module_metadata_base.json update

msjenkins-r7 · msjenkins-r7 · commit 1a14916e681d · 2024-09-17T07:32:43.000-05:00
diff --git a/db/modules_metadata_base.json b/db/modules_metadata_base.json
@@ -176219,6 +176219,62 @@
 
     ]
   },
+  "exploit_windows/local/cve_2024_30088_authz_basep": {
+    "name": "Windows Kernel Time of Check Time of Use LPE in AuthzBasepCopyoutInternalSecurityAttributes",
+    "fullname": "exploit/windows/local/cve_2024_30088_authz_basep",
+    "aliases": [
+
+    ],
+    "rank": 600,
+    "disclosure_date": "2024-06-11",
+    "type": "exploit",
+    "author": [
+      "tykawaii98",
+      "jheysel-r7"
+    ],
+    "description": "CVE-2024-30088 is a Windows Kernel Elevation of Privilege Vulnerability which affects many recent versions of Windows 10,\n          Windows 11 and Windows Server 2022.\n\n          The vulnerability exists inside the function called `AuthzBasepCopyoutInternalSecurityAttributes` specifically when\n          the kernel copies the `_AUTHZBASEP_SECURITY_ATTRIBUTES_INFORMATION` of the current token object to user mode. When the\n          kernel preforms the copy of the `SecurityAttributesList`, it sets up the list of the SecurityAttribute's structure\n          directly to the user supplied pointed. It then calls `RtlCopyUnicodeString` and\n          `AuthzBasepCopyoutInternalSecurityAttributeValues` to copy out the names and values of the `SecurityAttribute` leading\n          to multiple Time Of Check Time Of Use (TOCTOU) vulnerabilities in the function.",
+    "references": [
+      "URL-https://github.com/tykawaii98/CVE-2024-30088",
+      "CVE-2024-30038"
+    ],
+    "platform": "Windows",
+    "arch": "x64",
+    "rport": null,
+    "autofilter_ports": [
+
+    ],
+    "autofilter_services": [
+
+    ],
+    "targets": [
+      "Windows x64"
+    ],
+    "mod_time": "2024-09-04 14:09:04 +0000",
+    "path": "/modules/exploits/windows/local/cve_2024_30088_authz_basep.rb",
+    "is_install_path": true,
+    "ref_name": "windows/local/cve_2024_30088_authz_basep",
+    "check": true,
+    "post_auth": false,
+    "default_credential": false,
+    "notes": {
+      "Stability": [
+        "crash-safe"
+      ],
+      "SideEffects": [
+        "artifacts-on-disk"
+      ],
+      "Reliability": [
+        "unreliable-session"
+      ]
+    },
+    "session_types": [
+      "meterpreter"
+    ],
+    "needs_cleanup": null,
+    "actions": [
+
+    ]
+  },
   "exploit_windows/local/dnsadmin_serverlevelplugindll": {
     "name": "DnsAdmin ServerLevelPluginDll Feature Abuse Privilege Escalation",
     "fullname": "exploit/windows/local/dnsadmin_serverlevelplugindll",
