This Metasploit module abuses a feature of the sudo command on Progress Flowmon. Certain binary files are allowed to automatically elevate with the sudo command. This is based off of the file name. This includes executing a PHP command with a specific file name. If the file is overwritten with PHP code it can be used to elevate privileges to root. Progress Flowmon up to at least version 12.3.5 is vulnerable.
4d7c5d9c8f90f2082d79d0b216623a4757503aa44c96d6dd6a02243cececec08This Metasploit module exploits an unauthenticated command injection vulnerability in Progress Flowmon versions before v12.03.02.
f262ccf117a7326996b9db1324d65098a3eea5a5882162d9f1ec432434054948This Metasploit module abuses a feature of the sudo command on Progress Kemp LoadMaster. Certain binary files are allowed to automatically elevate with the sudo command. This is based off of the file name. Some files have this permission are not write-protected from the default bal user. As such, if the file is overwritten with an arbitrary file, it will still auto-elevate. This module overwrites the /bin/loadkeys file with another executable.
0ba86964552be2e15d8dfa5aee3dc906633226221f56038c5adfd5023d1cef02This Metasploit module exploits an unauthenticated command injection vulnerability in Progress Kemp LoadMaster in the authorization header after version 7.2.48.1. The following versions are patched: 7.2.59.2 (GA), 7.2.54.8 (LTSF), and 7.2.48.10 (LTS).
3a721b9eae3cbcc73dbb679d3903115192bf095161310b9403ab283b1ed814f6
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed