PT-2019-17797 · Rapid7 · Metasploit Pro

Published 2019-11-06 · Updated 2019-11-13 · CVE-2019-5642

CVSS v3.1: 3.3 (Low)

Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

Name of the Vulnerable Software and Affected Versions: Rapid7 Metasploit Pro versions prior to 4.16.0-2019081901

Description: The issue allows other users of the same system where Metasploit Pro is installed to intercept private communications to the Metasploit Pro web interface. This occurs because the unique server.key is written to the file system during installation with world-readable permissions.

Recommendations: For Rapid7 Metasploit Pro versions prior to 4.16.0-2019081901, consider restricting access to the server.key file to prevent other users from reading it, until a newer version with proper permissions is available.
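
One way to check and apply the recommended restriction on a Linux install, as an added example that is not Rapid7's own tooling. The function names are hypothetical, the key path is passed as an argument because this entry does not give the install location, and mode 0600 assumes the account that runs the web service owns the file.

```shell
#!/bin/sh
# Added example: audit a TLS private key file for the permission
# weakness described above and tighten it to owner-only access.

# key_is_exposed FILE
# Succeeds (exit 0) when group or others hold the read bit on FILE.
key_is_exposed() {
    # -prune keeps find on FILE itself; -perm -040 / -004 match the
    # group-read and other-read bits respectively (POSIX find syntax).
    [ -n "$(find "$1" -prune \( -perm -040 -o -perm -004 \) -print 2>/dev/null)" ]
}

# audit_key FILE
# Returns 0 = owner-only, 1 = readable by other accounts, 2 = not a file.
audit_key() {
    if [ ! -f "$1" ]; then
        echo "missing: $1"
        return 2
    fi
    if key_is_exposed "$1"; then
        echo "EXPOSED: $1 is readable by group or others"
        return 1
    fi
    echo "ok: $1 is not readable by group or others"
    return 0
}

# restrict_key FILE
# Sets mode 0600, then re-checks so a failed chmod is not reported as fixed.
restrict_key() {
    chmod 600 "$1" && ! key_is_exposed "$1"
}

# Stand-alone use: ./check_key.sh /path/to/server.key  (placeholder path)
if [ "$#" -gt 0 ]; then
    if audit_key "$1"; then
        :
    else
        restrict_key "$1" && echo "fixed: $1 set to 0600"
    fi
fi
```

Tightening the mode does not undo reads that happened while the file was world-readable, so on a host with other local users the key pair is a candidate for regeneration.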

Fix

Incorrect Permission

Weakness Enumeration

Related identifiers

CVE-2019-5642

Affected products

Metasploit Pro