CVE-2024-6127

CRITICAL

PowerShellEmpire Arbitrary File Upload (Skywalker)

Title source: metasploit

Description

BC Security Empire before 5.9.3 is vulnerable to a path traversal issue that can lead to remote code execution. A remote, unauthenticated attacker can exploit this vulnerability over HTTP by acting as a normal agent, completing all cryptographic handshakes, and then triggering an upload of payload data containing a malicious path.

Exploits (1)

metasploit WORKING POC EXCELLENT

by Spencer McIntyre, Erik Daguerre, ACE-Responder, Takahiro Yokoyama · rubypocpython

https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/linux/http/empire_skywalker.rb

View Code ZIP pw:eip

References (4)

[Various Sources] https://aceresponder.com/blog/exploiting-empire-c2-framework

[Various Sources] https://github.com/ACE-Responder/Empire-C2-RCE-PoC

[Various Sources] https://github.com/BC-SECURITY/Empire/blob/8283bbc77250232eb493bf1f9104fdd0d468962a/CHANGELOG.md?plain=1#L102

[Third Party Advisory] https://vulncheck.com/advisories/empire-unauth-rce

Scores

CVSS v3 9.8

EPSS 0.6611

EPSS Percentile 98.5%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Details

CWE

CWE-22 CWE-434

Status published

Products (1)

BC Security/Empire < 5.9.3

Published Jun 27, 2024

Tracked Since Feb 18, 2026