Riverbed SteelCentral NetProfiler/NetExpress Remote Code Execution

Posted by deepcore on July 13, 2016 – 3:13 am

This Metasploit module exploits three separate vulnerabilities found in the Riverbed SteelCentral NetProfiler/NetExpress virtual appliances to obtain remote command execution as the root user. A SQL injection in the login form can be exploited to add a malicious user into the application’s database. An attacker can then exploit a command injection vulnerability in the web interface to obtain arbitrary code execution. Finally, an insecure configuration of the sudoers file can be abused to escalate privileges to root.

This post is under “exploit” and has no respond so far.
If you enjoy this article, make sure you subscribe to my RSS Feed.

Post a reply

You must be logged in to post a comment.

« WordPress WP Job Manager 1.25 Shell Upload Joomla Branch 3.0 SQL Injection »

:: Deepquest ::

This site contains information which could be considered illegal in some countries. It is provided here for educational use only and is not intended to be used for illegal activities.

Riverbed SteelCentral NetProfiler/NetExpress Remote Code Execution

Post a reply

Tabs Switcher

Categories

Archives

Meta

BLOGROLL