Paperclip AI remote execution flaw added to Metasploit

The latest Metasploit update includes an chain aimed at Paperclip AI. The is listed as . means someone may be able to run commands from far away without logging in first.

The same update also adds a Windows module that uses NTLM relay to gain local . That Windows attack links several steps involving WebDAV, LDAP, a Kerberos service ticket, and PsExec to reach higher access.

Key points

  • Metasploit now includes a chain for Paperclip AI.
  • The is identified as .
  • Because it is described as und, it may not require a valid login.
  • Check whether Paperclip AI and are the same affected tool or .
  • If affected, update quickly, restrict access, and review logs.
Read original