Paperclip AI remote execution flaw added to Metasploit
The latest Metasploit update includes an chain aimed at Paperclip AI. The is listed as . means someone may be able to run commands from far away without logging in first.
The same update also adds a Windows module that uses NTLM relay to gain local . That Windows attack links several steps involving WebDAV, LDAP, a Kerberos service ticket, and PsExec to reach higher access.
Key points
- Metasploit now includes a chain for Paperclip AI.
- The is identified as .
- Because it is described as und, it may not require a valid login.
- Check whether Paperclip AI and are the same affected tool or .
- If affected, update quickly, restrict access, and review logs.