Share
## https://sploitus.com/exploit?id=D81EE62F-5CCD-50ED-948E-98C68ABCAC33
# Apache CouchDB 3.2.1 - Remote Code Execution (RCE) CVE-2022-24706

Date: 2022-01-21

Software Link: https://couchdb.apache.org/

Version: 3.2.1 and below

Tested on: Kali 2021.2

Based on 1F98D's Erlang Cookie - Remote Code Execution

Shodan: port:4369 "name couchdb at"

CVE: CVE-2022-24706

References:

https://habr.com/ru/post/661195/

https://www.exploit-db.com/exploits/49418

https://insinuator.net/2017/10/erlang-distribution-rce-and-a-cookie-bruteforcer/

https://book.hacktricks.xyz/pentesting/4369-pentesting-erlang-port-mapper-daemon-epmd#erlang-cookie-rce