This Metasploit module exploits the .NET deserialization vulnerability within the RadAsyncUpload (RAU) component of Telerik UI ASP.NET AJAX that is identified as CVE-2019-18935. In order to do so the module must upload a mixed mode .NET assembly DLL which is then loaded through the deserialization flaw. Uploading the file requires knowledge of the cryptographic keys used by RAU. The default values used by this module are related to CVE-2017-11317, which once patched randomizes these keys. It is also necessary to know the version of Telerik UI ASP.NET that is running. This version number is in the format YYYY.#(.###)? where YYYY is the year of the release (e.g. 2020.3.915).
1681e42767479128abf9e29c90cc76efThe Telerik UI for ASP.NET AJAX insecurely deserializes JSON objects in a manner that results in arbitrary remote code execution on the software's underlying host.
725661dfbd6f55841367cc547d0ba030Dell EMC RecoverPoint versions prior to 5.1.2.1 and RecoverPoint for VMs versions prior to 5.2.0.2 contain an information disclosure vulnerability. A malicious boxmgmt user may potentially be able to determine the existence of any system file via Boxmgmt CLI. Dell EMC RecoverPoint versions prior to 5.1.2.1 and RecoverPoint for VMs versions prior to 5.2.0.2 contain an uncontrolled resource consumption vulnerability. A malicious boxmgmt user may potentially be able to consume large amount of CPU bandwidth to make the system slow or to determine the existence of any system file via Boxmgmt CLI.
c22adbdd431026937dde62858e1d4472Dell EMC RecoverPoint versions prior to 5.1.2 suffer from a local root command execution vulnerability.
644beef393e8a481559e2ac1d14d98e8Dell EMC RecoverPoint versions prior to 5.1.2 suffer from a remote root command execution vulnerability.
6c11f1bc9ab032ba45ef40d9bb694a6fDell EMC RecoverPoint versions prior to 5.1.2 and Dell EMC RecoverPoint Virtual Machine (VM) versions prior to 5.1.1.3 suffer from command injection, LDAP password leak, and arbitrary file read vulnerabilities.
9df752365ddff28373f9dc6d6b03514fEMC RecoverPoint version 4.3 suffers from an administrative CLI command injectionv vulnerability.
74681e8d90f13459f9d0a81fa0ea5de4BMC BladeLogic RSCD Agent version 8.3.00.64 suffers from a windows users disclosure vulnerability.
9a5bc055f019f7c0dbca70e7a76dd801BMC BladeLogic version 8.3.00.64 suffers from a remote command execution vulnerability.
ea127d0bd05261df457df3bc13d2ee7eRed-Gate SQL Monitor versions prior to 3.10 and 4.2 suffers from an authentication bypass vulnerability.
849e97fb399ffa034d865ee280f85f45NfSen version 1.3.7 and AlienVault OSSIM version 4.3.1 suffer from a customfmt command injection vulnerability.
e7f34839cb159cbb036031d2d0f759efNfSen version 1.3.7 and AlienVault USM/OSSIM version 5.3.4 suffer from a remote command injection vulnerability.
a5c06ecae8b80e27d7f7876e20f6c2d1NfSen versions 1.3.7 and below and AlienVault USM/OSSIM versions 5.3.6 and below suffer from a local privilege escalation vulnerability.
787b269cad22ea86e1c32d8ac3022b2f
© 2020 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed