Known Vulnerabilities for Metasploit by Rapid7
Listed below are 10 of the newest known vulnerabilities associated with "Metasploit" by "Rapid7".
These CVEs are retrieved based on exact matches on listed software, hardware, and vendor information (CPE data) as well as a keyword search to ensure the newest vulnerabilities with no officially listed software information are still displayed.
Data on known vulnerable versions is also displayed based on information from known CPEs
Known Vulnerabilities
| CVE | Shortened Description | Severity | Publish Date | Last Modified |
|---|---|---|---|---|
| CVE-2020-7385 | By launching the drb_remote_codeexec exploit, a Metasploit Framework user will inadvertently expose Metasploit to the same de... | 8.8 - HIGH | 2021-04-23 | 2021-05-14 |
| CVE-2020-7384 | Rapid7's Metasploit msfvenom framework handles APK files in a way that allows for a malicious user to craft and publish a fil... | 7.8 - HIGH | 2020-10-29 | 2021-02-03 |
| CVE-2020-7377 | The Metasploit Framework module "auxiliary/admin/http/telpho10_credential_dump" module is affected by a relative path travers... | 7.5 - HIGH | 2020-08-24 | 2020-09-01 |
| CVE-2020-7376 | The Metasploit Framework module "post/osx/gather/enum_osx module" is affected by a relative path traversal vulnerability in t... | 9.8 - CRITICAL | 2020-08-24 | 2020-09-02 |
| CVE-2020-7355 | Cross-site Scripting (XSS) vulnerability in the 'notes' field of a discovered scan asset in Rapid7 Metasploit Pro allows an a... | 6.1 - MEDIUM | 2020-06-25 | 2020-07-06 |
| CVE-2020-7354 | Cross-site Scripting (XSS) vulnerability in the 'host' field of a discovered scan asset in Rapid7 Metasploit Pro allows an at... | 5.4 - MEDIUM | 2020-06-25 | 2020-07-02 |
| CVE-2020-7350 | Rapid7 Metasploit Framework versions before 5.0.85 suffers from an instance of CWE-78: OS Command Injection, wherein the libn... | 7.8 - HIGH | 2020-04-22 | 2020-04-30 |
| CVE-2019-5645 | By sending a specially crafted HTTP GET request to a listening Rapid7 Metasploit HTTP handler, an attacker can register an ar... | 7.5 - HIGH | 2020-09-01 | 2020-09-08 |
| CVE-2019-5642 | Rapid7 Metasploit Pro version 4.16.0-2019081901 and prior suffers from an instance of CWE-732, wherein the unique server.key ... | 3.3 - LOW | 2019-11-06 | 2019-11-13 |
| CVE-2019-5624 | Rapid7 Metasploit Framework suffers from an instance of CWE-22, Improper Limitation of a Pathname to a Restricted Directory (... | 7.3 - HIGH | 2019-04-30 | 2023-02-01 |
Known Affected Configurations (CPE V2.3)
| Type | Vendor | Product | Version | Update | Edition | Language |
|---|---|---|---|---|---|---|
| Application | Rapid7 | Metasploit | 6.0.3 | All | All | All |
| Application | Rapid7 | Metasploit | 6.0.2 | All | All | All |
| Application | Rapid7 | Metasploit | 6.0.1 | All | All | All |
| Application | Rapid7 | Metasploit | 6.0.0 | All | All | All |
| Application | Rapid7 | Metasploit | 5.0.99 | All | All | All |
| Application | Rapid7 | Metasploit | 5.0.98 | All | All | All |
| Application | Rapid7 | Metasploit | 5.0.97 | All | All | All |
| Application | Rapid7 | Metasploit | 5.0.96 | All | All | All |
| Application | Rapid7 | Metasploit | 5.0.95 | All | All | All |
| Application | Rapid7 | Metasploit | 5.0.94 | All | All | All |
| Application | Rapid7 | Metasploit | 5.0.93 | All | All | All |
| Application | Rapid7 | Metasploit | 5.0.92 | All | All | All |
| Application | Rapid7 | Metasploit | 5.0.91 | All | All | All |
| Application | Rapid7 | Metasploit | 5.0.90 | All | All | All |
| Application | Rapid7 | Metasploit | 5.0.9 | All | All | All |
| Application | Rapid7 | Metasploit | 5.0.89 | All | All | All |
| Application | Rapid7 | Metasploit | 5.0.88 | All | All | All |
| Application | Rapid7 | Metasploit | 5.0.87 | All | All | All |
| Application | Rapid7 | Metasploit | 5.0.86 | All | All | All |
| Application | Rapid7 | Metasploit | 5.0.85 | All | All | All |