CVE-2020-7377
8.1
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:H
Summary
The Metasploit Framework module "auxiliary/admin/http/telpho10_credential_dump" module is affected by a relative path traversal vulnerability in the untar method which can be exploited to write arbitrary files to arbitrary locations on the host file system when the module is run on a malicious HTTP server.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| Rapid7 | Metasploit Framework | 4.12.40 < 4.12.40* | affected |
| Rapid7 | Metasploit Framework | 6.0.3 < 6.0.3 | affected |
Weaknesses
- CWE-23: CWE-23 Relative Path Traversal
ADP Enrichment
CVE Program Container
Additional References
References
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.