HP VAN SDN Controller Root Command Injection

Posted by deepcore on July 8, 2018 – 10:04 pm

This Metasploit module exploits a hardcoded service token or default credentials in HPE VAN SDN Controller versions 2.7.18.0503 and below to execute a payload as root. A root command injection was discovered in the uninstall action’s name parameter, obviating the need to use sudo for privilege escalation. If the service token option TOKEN is blank, USERNAME and PASSWORD will be used for authentication. An additional login request will be sent.

This post is under “exploit” and has no respond so far.
If you enjoy this article, make sure you subscribe to my RSS Feed.

Post a reply

You must be logged in to post a comment.

« Apple Security Advisory 2018-7-05-1 HID discoveryd command_blink_on Unauthenticated Remote Command Execution »

:: Deepquest ::

This site contains information which could be considered illegal in some countries. It is provided here for educational use only and is not intended to be used for illegal activities.

HP VAN SDN Controller Root Command Injection

Post a reply

Tabs Switcher

Categories

Archives

Meta

BLOGROLL