CVE-2020-7385
Published: 2021-04-23
Priority: P3 (49)
Severity: high
CVSS 3.1 base score: 8.8
CVSS 3.1 vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
EPSS: 1.75% (75.0th percentile)
By launching the drb_remote_codeexec exploit, a Metasploit Framework user will inadvertently expose Metasploit to the same deserialization issue that is exploited by that module, due to the reliance on the vulnerable Distributed Ruby class functions. Since Metasploit Framework typically runs with elevated privileges, this can lead to a system compromise on the Metasploit workstation. Note that an attacker would have to lie in wait and entice the Metasploit user to run the affected module against a malicious endpoint in a "hack-back" type of attack. Metasploit is only vulnerable when the drb_remote_codeexec module is running. In most cases, this cannot happen automatically.
Affected
3 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| apache | nifi | — | — |
| rapid7 | metasploit | < 4.19.0 | 4.19.0 |
| rapid7 | metasploit_framework | 6.0.15 – 6.0.15 | — |
CVSS provenance
| Source | Version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.1 | 8.8 | HIGH | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H |
| nvd | v2.0 | 6.8 | MEDIUM | AV:N/AC:M/Au:N/C:P/I:P/A:P |
| vendor_apache | — | 7.5 | — | — |
OSV (osv, 2022-05-24)
CVE-2020-7385 [HIGH] Metasploit Framework user exposes Metasploit to same deserialization issue that is exploited by that module
Description: identical to the NVD description above.
GHSA (ghsa, 2022-05-24)
CVE-2020-7385 [HIGH] CWE-502 Metasploit Framework user exposes Metasploit to same deserialization issue that is exploited by that module
Description: identical to the NVD description above.
Apache (vendor_apache, CVSS 7.5)
Apache nifi: CVE-2020-9487
Note: this vendor entry describes CVE-2020-9487 (Apache Jira issue NIFI-7385), a separate Apache NiFi denial-of-service issue, not the Metasploit deserialization issue tracked as CVE-2020-7385 above.
Title: Potential Denial of Service with Token Authentication Requests
Published: 2020-08-18
Severity: Medium
Products: Apache NiFi
Affected Versions: 1.0.0 to 1.11.4
Fixed Versions: 1.12.0
Reporter: Dennis Detering, IT Security Consultant at Spike Reply
References: CVE Record CVE-2020-9487; NVD Record CVE-2020-9487; Apache Jira Issue NIFI-7385; GitHub Pull Request 4271
The NiFi download token (one-time password) mechanism used a fixed cache size and did not authenticate a request to create a download token, only when attempting to use the token to access the content. An unauthenticated user could repeatedly request download tokens, preventing legitimate users from requesting download tokens. NiFi 1.12.0 disabled anonymous authentication, implemented a multi-index
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
References:
https://github.com/rapid7/metasploit-framework/pull/14300
https://github.com/rapid7/metasploit-framework/pull/14335
https://help.rapid7.com/metasploit/release-notes/archive/2020/10/