MITRE Caldera
cpe:2.3:a:mitre:caldera:*:*:*:*:*:*:*
- <= 4.2.0
- < 5.0.0
A remote code execution vulnerability has been identified in MITRE Caldera versions 4.2.0 and 5.0.0 prior to the patch commit 35bc06e. The issue arises in the dynamic agent compilation feature, allowing remote attackers to execute arbitrary code on the server where Caldera is running. Exploitation involves sending a crafted web request to the Caldera server API used for compiling and downloading Caldera's Sandcat or Manx agents. The request can include the gcc -extldflags linker flag with sub-commands, potentially leading to the execution of malicious code on the server.
Exploitation of this vulnerability allows for arbitrary code execution on the server where MITRE Caldera is running.
To reproduce this vulnerability, send a crafted web request to the Caldera server API that includes the gcc -extldflags linker flag with sub-commands. This can be done using a tool like curl or Postman, targeting the API endpoint used for compiling and downloading Caldera's Sandcat or Manx agents.
Users can update to Caldera version 5.3.0, which includes a patch for this vulnerability. Instructions for updating can be found in the Caldera GitHub repository.
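For operators who expose a similar compile-on-request feature, the sketch below shows one way to keep request data out of the linker flags. It is an added example, not Caldera's patch or code from the project: the variable names in ALLOWED_VARS, the function names and the sample values are assumptions. Request-supplied values may only become -X settings from a fixed allowlist, and the build is run as an argument vector without a shell.

```python
import re

# Assumption: the only Go string variables a request is allowed to set.
ALLOWED_VARS = {"main.server", "main.group"}
# No whitespace, quotes or shell metacharacters, so a value cannot end the
# -X argument and begin a new linker flag such as -extldflags.
SAFE_VALUE = re.compile(r"[A-Za-z0-9._:/-]{1,128}")


class RejectedBuildParam(ValueError):
    """Raised when a request-supplied build parameter fails validation."""


def build_ldflags(requested):
    """Return a -ldflags string made only of fixed flags and -X settings."""
    parts = ["-s", "-w"]  # fixed, server-chosen Go linker flags
    for name, value in sorted(requested.items()):
        if name not in ALLOWED_VARS:
            raise RejectedBuildParam(f"variable not allowed: {name!r}")
        if not SAFE_VALUE.fullmatch(value):
            raise RejectedBuildParam(f"unsafe value for {name}: {value!r}")
        parts.append(f"-X {name}={value}")
    return " ".join(parts)


def go_build_argv(source, output, requested):
    """Argument vector intended for subprocess.run(argv, shell=False)."""
    return ["go", "build", "-ldflags", build_ldflags(requested),
            "-o", output, source]


if __name__ == "__main__":
    # Constructed sample requests: one benign, one trying to add a linker flag.
    samples = [{"main.server": "http://10.0.0.5:8888"},
               {"main.server": "x -extldflags y"}]
    for sample in samples:
        try:
            print(go_build_argv("agent.go", "out/agent", sample))
        except RejectedBuildParam as err:
            print("rejected:", err)
```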