diff --git a/db/modules_metadata_base.json b/db/modules_metadata_base.json index 55491bee8d..c6f6d446da 100644 --- a/db/modules_metadata_base.json +++ b/db/modules_metadata_base.json @@ -135620,15 +135620,23 @@ "type": "exploit", "author": [ "Chris Lyne", + "Matteo Malvica", "bcoles " ], - "description": "Druva inSync client for Windows exposes a network service on TCP port\n 6064 on the local network interface. inSync versions 6.5.2 and prior\n do not validate user-supplied program paths in RPC type 5 messages,\n allowing execution of arbitrary commands as SYSTEM.\n This module has been tested successfully on inSync version\n 6.5.2r99097 on Windows 7 SP1 (x64).", + "description": "Druva inSync client for Windows exposes a network service on TCP\n port 6064 on the local network interface. inSync versions 6.6.3\n and prior do not properly validate user-supplied program paths\n in RPC type 5 messages, allowing execution of arbitrary commands\n as SYSTEM.\n\n This module has been tested successfully on inSync versions\n 6.5.2r99097 and 6.6.3r102156 on Windows 7 SP1 (x64).", "references": [ "CVE-2019-3999", + "CVE-2020-5752", "EDB-48400", + "EDB-48505", + "EDB-49211", "PACKETSTORM-157493", + "PACKETSTORM-157802", + "PACKETSTORM-160404", "URL-https://www.tenable.com/security/research/tra-2020-12", - "URL-https://github.com/tenable/poc/blob/master/druva/inSync/druva_win_cphwnet64.py" + "URL-https://www.tenable.com/security/research/tra-2020-34", + "URL-https://github.com/tenable/poc/blob/master/druva/inSync/druva_win_cphwnet64.py", + "URL-https://www.matteomalvica.com/blog/2020/05/21/lpe-path-traversal/" ], "platform": "Windows", "arch": "", @@ -135642,7 +135650,7 @@ "targets": [ "Automatic" ], - "mod_time": "2020-05-06 14:09:46 +0000", + "mod_time": "2020-12-10 12:14:47 +0000", "path": "/modules/exploits/windows/local/druva_insync_insynccphwnet64_rcp_type_5_priv_esc.rb", "is_install_path": true, "ref_name": "windows/local/druva_insync_insynccphwnet64_rcp_type_5_priv_esc",