module
invscout RPM Privilege Escalation
| Disclosed |
|---|
| Apr 24, 2023 |
Disclosed
Apr 24, 2023
Description
This module exploits a command injection vulnerability in IBM AIX
invscout set-uid root utility present in AIX 7.2 and earlier.
The undocumented -rpm argument can be used to install an RPM file;
and the undocumented -o argument passes arguments to the rpm utility
without validation, leading to command injection with effective-uid
root privileges.
This module has been tested successfully on AIX 7.2.
invscout set-uid root utility present in AIX 7.2 and earlier.
The undocumented -rpm argument can be used to install an RPM file;
and the undocumented -o argument passes arguments to the rpm utility
without validation, leading to command injection with effective-uid
root privileges.
This module has been tested successfully on AIX 7.2.
NEW
Explore Exposure Command
Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.