Directory Traversal Vulnerability in Rapid7 Metasploit

Directory Traversal Vulnerability in Rapid7 Metasploit

CVE-2017-5231 · MEDIUM Severity

AV:N/AC:H/AU:N/C:P/I:P/A:P

All editions of Rapid7 Metasploit prior to version 4.13.0-2017020701 contain a directory traversal vulnerability in the Meterpreter stdapi CommandDispatcher.cmd_download() function. By using a specially-crafted build of Meterpreter, it is possible to write to an arbitrary directory on the Metasploit console with the permissions of the running Metasploit instance.

Learn more about our Api Penetration Testing.