Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
In MITRE Caldera through 4.2.0 and 5.0.0 before 35bc06e, a Remote Code Execution (RCE) vulnerability was found in the dynamic agent (implant) compilation functionality of the server. This allows remote attackers to execute arbitrary code on the server that Caldera is running on via a crafted web request to the Caldera server API used for compiling and downloading of Caldera's Sandcat or Manx agent (implants). This web request can use the gcc -extldflags linker flag with sub-commands.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
Vulnerability Type
OS命令中使用的特殊元素转义处理不恰当(OS命令注入)
Vulnerability Title
MITRE Caldera 安全漏洞
Vulnerability Description
MITRE Caldera是MITRE开源的一个自动对抗仿真平台。 MITRE Caldera 4.2.0及之前版本和5.0.0之前版本存在安全漏洞,该漏洞源于动态代理编译功能中的远程代码执行,允许攻击者通过精心设计的Web请求在Caldera服务器上执行任意代码。
CVSS Information
N/A
Vulnerability Type
N/A