CVE-2020-7377

Summary

The Metasploit Framework module "auxiliary/admin/http/telpho10_credential_dump" module is affected by a relative path traversal vulnerability in the untar method which can be exploited to write arbitrary files to arbitrary locations on the host file system when the module is run on a malicious HTTP server.

Affected Software

VendorProductVersion RangeStatus
Rapid7Metasploit Framework4.12.40 < 4.12.40*affected
Rapid7Metasploit Framework6.0.3 < 6.0.3affected

Weaknesses

  • CWE-23: CWE-23 Relative Path Traversal

ADP Enrichment

CVE Program Container

Additional References

References