8.8
CVE-2020-7385
- EPSS 1.75%
- Veröffentlicht 23.04.2021 16:15:08
- Zuletzt bearbeitet 21.11.2024 05:37:08
- Quelle cve@rapid7.com
- CVE-Watchlists
- Unerledigt
LoginMetasploit Framework 'drb_remote_codeexec' code execution
By launching the drb_remote_codeexec exploit, a Metasploit Framework user will inadvertently expose Metasploit to the same deserialization issue that is exploited by that module, due to the reliance on the vulnerable Distributed Ruby class functions. Since Metasploit Framework typically runs with elevated privileges, this can lead to a system compromise on the Metasploit workstation. Note that an attacker would have to lie in wait and entice the Metasploit user to run the affected module against a malicious endpoint in a "hack-back" type of attack. Metasploit is only vulnerable when the drb_remote_codeexec module is running. In most cases, this cannot happen automatically.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Rapid7 ≫ Metasploit Version < 4.19.0
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 1.75% | 0.749 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 8.8 | 2.8 | 5.9 |
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
|
| nvd@nist.gov | 6.8 | 8.6 | 6.4 |
AV:N/AC:M/Au:N/C:P/I:P/A:P
|
| cve@rapid7.com | 8.1 | 2.8 | 5.2 |
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N
|
CWE-502 Deserialization of Untrusted Data
The product deserializes untrusted data without sufficiently ensuring that the resulting data will be valid.
https://github.com/rapid7/metasploit-framework/pull/14300
https://github.com/rapid7/metasploit-framework/pull/14335
https://help.rapid7.com/metasploit/release-notes/archive/2020/10/