CVE-2017-5228

Summary

All editions of Rapid7 Metasploit prior to version 4.13.0-2017020701 contain a directory traversal vulnerability in the Meterpreter stdapi Dir.download() function. By using a specially-crafted build of Meterpreter, it is possible to write to an arbitrary directory on the Metasploit console with the permissions of the running Metasploit instance.

Affected Software

VendorProductVersion RangeStatus
Rapid7MetasploitAll versions prior to version 4.13.0-2017020701affected

Weaknesses

  • Directory Traversal

ADP Enrichment

CVE Program Container

Additional References

References