Post Syndicated from Jacquie Harris original https://blog.rapid7.com/2023/02/17/metasploit-wrap-up-193/

Cisco RV Series Auth Bypass and Command Injection

Thanks to community contributor neterum, Metasploit framework just gained an awesome new module which targets Cisco Small Business RV Series Routers. The module actually exploits two vulnerabilities, an authentication bypass CVE-2022-20705 and a command injection vulnerability CVE-2022-20707 in order to achieve code execution in the context of user www-data.

New module content (2)

Cisco RV Series Authentication Bypass and Command Injection

Authors: Biem Pham, Neterum, and jbaines-r7
Type: Exploit
Pull request: #17599 contributed by neterum
Attacker KB Reference: CVE-2022-20707

Description: An exploit for Cisco RV160, RV260, RV340 and RV345 Small Business Routers prior to firmware version 1.0.03.26 has been added which exploits CVE-2022-20705, an authentication bypass, and CVE-2022-20707, a command injection vulnerability, to achieve remote code execution as the www-data user on affected devices as an unauthenticated attacker.

GitLab GitHub Repo Import Deserialization RCE

Authors: Heyder Andrade, RedWay Security, and William Bowling (vakzz)
Type: Exploit
Pull request: #17281 contributed by heyder
AttackerKB reference: CVE-2022-2992

Description: This adds an exploit for CVE-2022-2992 which is authenticated remote command execution in GitLab.

Enhancements and features (1)

• #17594 from zeroSteiner – The DLL template code has been updated so that tools such as msfvenom can use DLL templates with payloads that were larger than 4096 bytes, such as unstaged payloads. Note that this update only applies to the default DLL templates that Metasploit provides, and not to external DLL templates which are restricted to 4096 bytes at this time.

Bugs fixed (1)

• #17645 from adfoster-r7 – Fixes a bug that caused warnings to be output on Arch Linux environments when starting msfconsole

Documentation

You can find the latest Metasploit documentation on our docsite at docs.metasploit.com.

Get it

As always, you can update to the latest Metasploit Framework with msfupdate
and you can get more details on the changes since the last blog post from
GitHub:

• Pull Requests 6.3.2…6.3.3
• Full diff 6.3.2…6.3.3

If you are a git user, you can clone the Metasploit Framework repo (master branch) for the latest.
To install fresh without using git, you can use the open-source-only Nightly Installers or the
binary installers (which also include the commercial edition).