CVE-2024-41628

Simple exploit script developed by Redshift Cyber Security to exploit (CVE-2024-41628) ClusterControl LFI vulnerability.

The vulnerability affects the CMON API and specifically the RPC and RPC-TLS user interfaces which by default reside on port 9500 and 9501 respectively.

Due to ClusterControl also typically running as root, any system file can be retrieved.

Examples of files to retrieve:

/etc/shadow
/etc/passwd
/root/.ssh/id_rsa
/etc/cmon.cnf - (Contains ClusterControl RPC Key)

Affected versions of ClusterControl are 1.9.8 before 1.9.8-9778, 2.0.0 before 2.0.0-9779, and 2.1.0 before 2.1.0-9780.

Usage:

python3 CVE-2024-41628.py ip port file

Help:

python3 CVE-2024-41628.py -h

Example:

python3 CVE-2024-41628.py 127.0.0.1 9500 /etc/shadow

Name		Name	Last commit message	Last commit date
Latest commit History 5 Commits
CVE-2024-41628.py		CVE-2024-41628.py
README.md		README.md

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Repository files navigation

CVE-2024-41628

Usage:

Help:

Example:

About

Releases

Packages

Languages

Redshift-CyberSecurity/CVE-2024-41628

Folders and files

Latest commit

History

Repository files navigation

CVE-2024-41628

Usage:

Help:

Example:

About

Resources

Stars

Watchers

Forks

Releases

Packages 0

Languages

Packages