module

Novell ZENworks Asset Management 7.5 Remote File Access

Try Surface Command
Back to search
Disclosed
N/A
Created
2018-05-30

Description

This module exploits a hardcoded user and password for the GetFile maintenance
task in Novell ZENworks Asset Management 7.5. The vulnerability exists in the Web
Console and can be triggered by sending a specially crafted request to the rtrlet component,
allowing a remote unauthenticated user to retrieve a maximum of 100_000_000 KB of
remote files. This module has been successfully tested on Novell ZENworks Asset
Management 7.5.

Author

juan vazquez [email protected]

References

Module Options

To display the available options, load the module within the Metasploit console and run the commands ‘show options’ or ‘show advanced’:


    msf > use auxiliary/scanner/http/zenworks_assetmanagement_fileaccess
    msf auxiliary(zenworks_assetmanagement_fileaccess) > show actions
        ...actions...
    msf auxiliary(zenworks_assetmanagement_fileaccess) > set ACTION < action-name >
    msf auxiliary(zenworks_assetmanagement_fileaccess) > show options
        ...show and set options...
    msf auxiliary(zenworks_assetmanagement_fileaccess) > run
Title
NEW

Explore Exposure Command

Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.

Try it today