CVE-2020-5377
The target OpenManage instance on the HACKSMARTERSEC(10.10.183.209) host is vulnerable to CVE-2020-5377 due to its outdated version; 9.4.0.2.
A vulnerability, which was classified as critical, was found in Dell EMC OpenManage Server Administrator up to 9.4. Affected is an unknown function of the component Web API. The manipulation as part of API Request leads to path traversal. This vulnerability is traded as CVE-2020-5377. It is possible to launch the attack remotely. Furthermore, there is an exploit available.
Exploit
The original exploit was written by RhinoSecurityLabs.
A better working, exploit located.
┌──(kali㉿kali)-[~/archive/thm/hacksmartersecurity]
└─$ git clone https://github.com/h3x0v3rl0rd/CVE-2020-5377
Cloning into 'CVE-2020-5377'...
remote: Enumerating objects: 27, done.
remote: Counting objects: 100% (27/27), done.
remote: Compressing objects: 100% (22/22), done.
remote: Total 27 (delta 7), reused 0 (delta 0), pack-reused 0 (from 0)
Receiving objects: 100% (27/27), 10.49 KiB | 976.00 KiB/s, done.
Resolving deltas: 100% (7/7), done.Cloning the exploit repo.