Metasploit Release Notes

Metasploit Recent Releases / Jul 17, 2023

Jul 17, 20234.22.1-2023071701

Improved

PR 18122 - This adds a library that provides methods for working with Apache RocketMQ.
PR 18144 - Updates the capture plugin to be more helpful, and adds additional documentation. This passive capture plugin can be used with load capture and run with captureg --help.
PR 18147 - Adds support for Ruby 3.3.0-preview1.
PR 18153 - Removes Ruby 2.7 from Metasploit's automated test suite. Ruby 2.7 has been officially marked as end of life by the maintainers. Users are recommended to upgrade to Ruby 3.x with a Ruby version manager or similar.

Pro: We fixed a regression related to display of Disclosed Vulnerabilities for a host when generating reference links.
Pro: We fixed a issue related to weak SSL ciphers when running a web scan.
PR 18152 - This PR fixes a bug where the PHP Meterpreter would show the incorrect file size for very large files.
PR 18166 - Fixes a crash when running the show payloads command for a module that supports encrypted payloads on a machine that doesn't have a Mingw compiler available.

PR 17861 - This module exploits a vulnerability in pfSense version 2.6.0 and below which allows for authenticated users to execute arbitrary operating systems commands as root.
PR 18082 - This adds an exploit module that leverages an RCE in Apache RocketMQ. Due to an access control issue, one can update the Broker's configuration file without authentication and obtain remote code execution in the context of the user running Apache RocketMQ. This vulnerability is identified as CVE-2023-33246.
PR 18164 - This module exploits an auth by-pass vulnerability in the WooCommerce WordPress plugin. By sending a speciality crafted request to the plugin an attacker can by-pass authentication and then use the WordPress API to create an admin user in WordPress.
PR 18170 - Adds a new module for SmarterMail Build 6985 - dotNET Deserialization Remote Code Execution (CVE-2019-7214). The vulnerability affects SmarterTools SmarterMail Version less than or equal to 16.3.6989.16341 (all legacy versions without a build number), or SmarterTools SmarterMail Build less than 6985.