First published: Wed Apr 24 2019
Rapid7 Metasploit Framework suffers from an instance of CWE-22, Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') in the Zip import function of Metasploit. Exploiting this vulnerability can allow an attacker to execute arbitrary code in Metasploit at the privilege level of the user running Metasploit. This issue affects: Rapid7 Metasploit Framework version 4.14.0 and prior versions.
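The defensive check that closes this class of bug, as an added example that is not Metasploit's own code: a Zip import that resolves each member name against the destination directory before writing anything, and rejects any member whose resolved path escapes it. The archive and its member names are constructed here for illustration.

```python
import io
import os
import tempfile
import zipfile

def safe_member_path(dest_dir, member_name):
    """Return the on-disk path for a zip member, or None when it would land
    outside dest_dir (absolute name, drive letter, or '..' climbing out).
    Symlinks are resolved, so a link planted by an earlier member cannot
    redirect a later one outside the import directory."""
    dest_dir = os.path.realpath(dest_dir)
    if member_name.startswith(("/", "\\")) or os.path.splitdrive(member_name)[0]:
        return None
    candidate = os.path.realpath(os.path.join(dest_dir, member_name))
    if os.path.commonpath([dest_dir, candidate]) != dest_dir:
        return None
    return candidate

def safe_extract(zip_bytes, dest_dir):
    """Write every member that stays inside dest_dir; report the rest."""
    extracted, rejected = [], []
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as zf:
        for info in zf.infolist():
            target = safe_member_path(dest_dir, info.filename)
            if target is None:
                rejected.append(info.filename)
                continue
            if info.is_dir():
                os.makedirs(target, exist_ok=True)
                continue
            os.makedirs(os.path.dirname(target), exist_ok=True)
            with zf.open(info) as src, open(target, "wb") as dst:
                dst.write(src.read())
            extracted.append(info.filename)
    return extracted, rejected

def build_sample_zip():
    """Constructed archive: two members that stay inside, two that escape."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("workspace/hosts.xml", "<hosts/>")
        zf.writestr("workspace/../notes.txt", "normalises to dest/notes.txt")
        zf.writestr("../outside.txt", "would land in the parent directory")
        zf.writestr("a/../../escape.txt", "same escape, hidden behind a subdir")
    return buf.getvalue()

def demo():
    with tempfile.TemporaryDirectory() as dest:
        return safe_extract(build_sample_zip(), dest)
```

Note that the check is done on the normalised, symlink-resolved path rather than by scanning the name for `..`, so a member like `workspace/../notes.txt` that still ends up inside the directory is accepted while `a/../../escape.txt` is not.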
Credit: cve@rapid7.com
Affected Software | Affected Version | How to fix
---|---|---
Rapid7 Metasploit | <=4.14.0 | Update to version 4.15.0 or later.
CVE-2019-5624 refers to a path traversal vulnerability in the Zip import function of Rapid7 Metasploit Framework that allows an attacker to execute arbitrary code in Metasploit at the privilege level of the user running Metasploit.
CVE-2019-5624 has a severity rating of 7.3, which is considered high.
CWE-22 is a classification for the vulnerability type 'Improper Limitation of a Pathname to a Restricted Directory (Path Traversal)'.
Rapid7 Metasploit Framework versions up to and including 4.14.0 are affected by CVE-2019-5624.
An attacker can exploit CVE-2019-5624 by supplying a crafted Zip archive to the import function; because entry paths are not confined to the intended directory, files can be written outside it, which leads to arbitrary code execution in Metasploit.