ccondon-r7 (8)

Last Login: June 26, 2020
Assessments: 3
Score: 8

ccondon-r7's Contributions (10)

1
Ratings
  • Attacker Value: High
  • Exploitability: High
Technical Analysis

Vuln affects versions 5.0.0 to 5.5.4 and is weaponized in the form of a Metasploit module: https://github.com/rapid7/metasploit-framework/pull/13512
Credit to Charles Fol for discovery and Zenofex for fast analysis and slick weaponization.

I keep thinking that it’s unlikely enterprises use vBulletin and this must be more of a risk to small- and medium-sized businesses, but looking at some of the companies that are said to be vBulletin customers, I suppose that’s not necessarily true. Article on in-the-wild exploitation here.

2

Nice, what a great assessment! Knowledge like this is exactly what we wanted to be able to capture and highlight when AttackerKB was first dreamt up. Thanks so much—if you ever want to collaborate on a Metasploit module (scanner, exploit, LPE, post-exploitation) for a vuln you’ve been looking at, let us know and we’ll be happy to help out!

1

@aaronsvk This is great! You’re the person who discovered the vuln, too, yes? Really nice work.

1

I appreciate that you included a specific threat model scenario here, thanks!

1

I can’t upvote this enough. What a great clarification on vulnerability definition!

3

Your Twitter thread on this was really helpful as @wvu-r7 was working through module code, thanks!

3
Ratings
Technical Analysis

There’s a Metasploit exploit module out for this now, and pen testers have reported that seeing vulnerable Exchange servers is common on engagements. As zeroSteiner has pointed out on Twitter, all that’s needed for reliable code execution is a domain user with a mailbox: https://twitter.com/zeroSteiner/status/1234983584177328129.
TrustedSec has a great write-up on IoCs here: https://www.trustedsec.com/blog/detecting-cve-20200688-remote-code-execution-vulnerability-on-microsoft-exchange-server/

1
Ratings
  • Attacker Value: High
  • Exploitability: Medium