{"uuid": "d39c2d56-cc79-479d-bbda-69f014cb4040", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2022-26923", "type": "seen", "source": "https://t.me/poxek/2448", "content": "#\u041d\u043e\u0432\u043e\u0441\u0442\u0438\n\nMetasploit Weekly Wrap-Up\n\nThis week Metasploit has a new ICPR Certificate Management module from Oliver Lyak and our very own Spencer McIntyre, which can be utilized for issuing certificates via Active Directory Certificate Services. It has the capability to issue certificates which is useful in a few contexts including persistence, ESC1 and as a primitive necessary for exploiting CVE-2022-26923. Resulting in the PFX certificate file being stored to loot and is encrypted using a blank password.", "creation_timestamp": "2022-09-05T11:00:05.000000Z"}