Vulnerability Description
All editions of Rapid7 Metasploit prior to version 4.13.0-2017020701 contain a directory traversal vulnerability in the Meterpreter extapi Clipboard.parse_dump() function. By using a specially-crafted build of Meterpreter, it is possible to write to an arbitrary directory on the Metasploit console with the permissions of the running Metasploit instance.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Rapid7 | Metasploit | <= 4.13.19 |
Related Weaknesses (CWE)
References
- http://www.securityfocus.com/bid/96954
- https://community.rapid7.com/community/infosec/blog/2017/03/01/multiple-vulnerabMitigationVendor Advisory
- http://www.securityfocus.com/bid/96954
- https://community.rapid7.com/community/infosec/blog/2017/03/01/multiple-vulnerabMitigationVendor Advisory
FAQ
What is CVE-2017-5229?
CVE-2017-5229 is a vulnerability with a CVSS score of 7.1 (HIGH). All editions of Rapid7 Metasploit prior to version 4.13.0-2017020701 contain a directory traversal vulnerability in the Meterpreter extapi Clipboard.parse_dump() function. By using a specially-crafted...
How severe is CVE-2017-5229?
CVE-2017-5229 has been rated HIGH with a CVSS base score of 7.1/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2017-5229?
Check the references section above for vendor advisories and patch information. Affected products include: Rapid7 Metasploit.