all InfoSec news logo
all InfoSec news - Your InfoSec news aggregator
Log in Sign up
all InfoSec news

OpenNMS Horizon 31.0.7 Remote Command Execution

Add to bookmarks
March 21, 2024, 2:29 p.m. |

Packet Storm packetstormsecurity.com

This Metasploit module exploits built-in functionality in OpenNMS Horizon in order to execute arbitrary commands as the opennms user. For versions 32.0.2 and higher, this module requires valid credentials for a user with ROLE_FILESYSTEM_EDITOR privileges and either ROLE_ADMIN or ROLE_REST. For versions 32.0.1 and lower, credentials are required for a user with ROLE_FILESYSTEM_EDITOR, ROLE_REST, and/or ROLE_ADMIN privileges. In that case, the module will automatically escalate privileges via CVE-2023-40315 or CVE-2023-0872 if necessary. This module has been successfully tested against OpenNMS …

command credentials exploits higher horizon metasploit order privileges remote command execution valid

Visit resource

More from packetstormsecurity.com / Packet Storm

RansomLord Anti-Ransomware Exploit Tool 3.1 1 day, 16 hours ago | packetstormsecurity.com
anti-ransomware compromise concept dll +13
Red Hat Security Advisory 2024-3527-03 1 day, 16 hours ago | packetstormsecurity.com
advisory buffer buffer overflow customer +16
Red Hat Security Advisory 2024-3513-03 1 day, 16 hours ago | packetstormsecurity.com
advisory code code execution enterprise +8
Red Hat Security Advisory 2024-3501-03 1 day, 16 hours ago | packetstormsecurity.com
advisory denial of service enterprise issues +7
Red Hat Security Advisory 2024-3500-03 1 day, 16 hours ago | packetstormsecurity.com
advisory denial of service enterprise http +10
Red Hat Security Advisory 2024-3497-03 1 day, 16 hours ago | packetstormsecurity.com
advisory buffer buffer overflow buffer overflow vulnerability +10
Packet Storm New Exploits For May, 2024 1 day, 16 hours ago | packetstormsecurity.com
archive exploits may packet +2
Ubuntu Security Notice USN-6804-1 1 day, 16 hours ago | packetstormsecurity.com
attacker buffer buffer overflow cache +16
Ubuntu Security Notice USN-6803-1 1 day, 16 hours ago | packetstormsecurity.com
arbitrary code arbitrary code execution attacker code +16

Jobs in InfoSec / Cybersecurity

Post a Job Search Talent

CyberSOC Technical Lead

@ Integrity360 | Sandyford, Dublin, Ireland
View on infosec-jobs.com

Cyber Security Strategy Consultant

@ Capco | New York City
View on infosec-jobs.com

Cyber Security Senior Consultant

@ Capco | Chicago, IL
View on infosec-jobs.com

Sr. Product Manager

@ MixMode | Remote, US
View on infosec-jobs.com

Security Compliance Strategist

@ Grab | Petaling Jaya, Malaysia
View on infosec-jobs.com

Cloud Security Architect, Lead

@ Booz Allen Hamilton | USA, VA, McLean (1500 Tysons McLean Dr)
View on infosec-jobs.com