Last updated at Fri, 08 Sep 2023 18:01:33 GMT
Pumpkin Spice Modules
Here in the northern hemisphere, fall is on the way: leaves changing, the air growing crisp and cool, and some hackers changing the flavor of their caffeine. This release features a new exploit module targeting Apache NiFi as well as a new and improved library to interact with it.
New module content (1)
Apache NiFi H2 Connection String Remote Code Execution
Description: This adds an exploit module for a Apache NiFi h2 remote code execution identified as CVE-2023-34468. Versions 0.0.2 through 1.21.0 are vulnerable and allow an authenticated and authorized user to configure a Database URL with the H2 driver that enables custom code execution. This also adds a library with helper functions for modules targeting this product.
Modules which have either been enhanced, or renamed:
Elasticsearch Enumeration Utility
Description: This updates the Elasticsearch auxiliary module. It has been renamed to
elastic_enum, accepts credentials and will store data to disk that is pulled from the target.
- #18247 from EgeBalci - This adds an exploit module that leverages an authentication bypass and an arbitrary file upload in Netgear ProSAFE NMS300. These vulnerabilities have been identified as CVE-2023-38096 and CVE-2023-38098 respectively and affects versions below 22.214.171.124. By chaining together these vulnerabilities, an unauthenticated remote attacker can execute arbitrary code with SYSTEM privileges.
Enhancements and features (1)
- #18309 from zeroSteiner - This updates the ldap_query module to stream the results instead of collecting them all at once. This should improve the UX of using the module in large target environments with 10s of thousands of accounts and the like.
You can find the latest Metasploit documentation on our docsite at docs.metasploit.com.
As always, you can update to the latest Metasploit Framework with
and you can get more details on the changes since the last blog post from
If you are a
git user, you can clone the Metasploit Framework repo (master branch) for the latest.
To install fresh without using git, you can use the open-source-only Nightly Installers or the
binary installers (which also include the commercial edition).