CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2017-5228

All editions of Rapid7 Metasploit prior to version 4.13.0-2017020701 contain a directory traversal vulnerability in the Meterpreter stdapi Dir.download() function. By using a specially-crafted build of Meterpreter, it is possible to write to an arbitrary directory on the Metasploit console with the permissions of the running Metasploit instance.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.003

EPSS Ranking 52.8%

CVSS Severity

CVSS v3 Score 7.1

CVSS v2 Score 5.1

References

http://www.securityfocus.com/bid/96954
https://community.rapid7.com/community/infosec/blog/2017/03/01/multiple-vulnerabilities-affecting-four-rapid7-products
http://www.securityfocus.com/bid/96954
https://community.rapid7.com/community/infosec/blog/2017/03/01/multiple-vulnerabilities-affecting-four-rapid7-products

Products affected by CVE-2017-5228

Rapid7 » Metasploit » Version: 4.11.7

cpe:2.3:a:rapid7:metasploit:4.11.7
Rapid7 » Metasploit » Version: 4.12.40

cpe:2.3:a:rapid7:metasploit:4.12.40
Rapid7 » Metasploit » Version: 4.13.0

cpe:2.3:a:rapid7:metasploit:4.13.0
Rapid7 » Metasploit » Version: 4.13.1

cpe:2.3:a:rapid7:metasploit:4.13.1
Rapid7 » Metasploit » Version: 4.13.19

cpe:2.3:a:rapid7:metasploit:4.13.19

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2017-5228

Products

Pricing

Contact Us