728x90
LifeSize UVC Authenticated RCE via Ping
When authenticated as an administrator on LifeSize UVC 1.2.6, an attacker can abuse the ping diagnostic functionality to achieve remote command execution as the www-data user (or equivalent)
Module Name
exploit/linux/http/lifesize_uvc_ping_rce
Authors
- Brandon Perry <bperry.volatile [at] gmail.com>
References
Targets
- LifeSize UVC version <= 1.2.6
Platforms
- unix
Architectures
- cmd
Reliability
Development
Module Options
To display the available options, load the module within the Metasploit console and run the commands 'show options' or 'show advanced':
msf > use exploit/linux/http/lifesize_uvc_ping_rce
msf exploit(lifesize_uvc_ping_rce) > show targets
...targets...
msf exploit(lifesize_uvc_ping_rce) > set TARGET <target-id>
msf exploit(lifesize_uvc_ping_rce) > show options
...show and set options...
msf exploit(lifesize_uvc_ping_rce) > exploit
728x90
'Metasploit ' 카테고리의 다른 글
AlienVault Authenticated SQL Injection Arbitrary File Read (0) | 2014.04.05 |
---|---|
Safari User-Assisted Download and Run Attack (0) | 2014.03.28 |
FreePBX config.php Remote Code Execution (0) | 2014.03.28 |
Katello (Red Hat Satellite) users/update_roles Missing Authorization (0) | 2014.03.28 |
Firefox Gather Cookies from Privileged Javascript Shell (0) | 2014.03.28 |