search

rapid7 / metasploit-framework

Metasploit Framework
https://www.metasploit.com/
Other
34.33k stars 14.02k forks source link

[Module] VMWare Aria Operations for Networks (vRealize Network Insight) pre-authenticated RCE #18092

Closed sinsinology closed 1 year ago

sinsinology commented 1 year ago

VMWare Aria Operations for Networks (vRealize Network Insight) pre-authenticated RCE

Hey rapid7 team, here is the Metasploit exploit module for this issue on my GitHub repo.

https://github.com/sinsinology/CVE-2023-20887/vmware_vrni_rce_cve_2023_20887.rb

Version: 6.8.0.1666364233 Exploit By: Sina Kheirkhah (@SinSinology) of Summoning Team (@SummoningTeam) A root cause analysis of the vulnerability can be found on my blog: https://summoning.team/blog/vmware-vrealize-network-insight-rce-cve-2023-20887/

All the best, Sina

h00die commented 1 year ago

File not found, there is no ruby file in that directory.

sinsinology commented 1 year ago

Check Now, https://github.com/sinsinology/CVE-2023-20887/blob/main/vmware_vrni_rce_cve_2023_20887.rb

h00die commented 1 year ago

why not submit it as a pull request to framework directly?

sinsinology commented 1 year ago

fair enough, done