⚠ Exploited in the wild
Exploitation observed in the wild. Not yet on CISA KEV.
CVE-2020-9480
Severity: 9.8 CRITICAL
EPSS: 90.6% (top 0.39%)
CISA KEV: Not in KEV
Exploit: Exploited in wild (active exploitation observed)
Timeline
Published: Jun 23
Latest update: Feb 10
Description
In Apache Spark 2.4.5 and earlier, a standalone resource manager's master may be configured to require authentication (spark.authenticate) via a shared secret. When enabled, however, a specially crafted RPC to the master can succeed in starting an application's resources on the Spark cluster, even without the shared key. This can be leveraged to execute shell commands on the host machine. This does not affect Spark clusters using other resource managers (YARN, Mesos, etc.).
CVSS vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Exploitability: 3.9 | Impact: 5.9
Affected Packages: 5 packages
Patches
Vulnerability Details (5)
Exploits & PoCs (1)
Nuclei: Apache Spark - Authentication Bypass
Detection Rules (3)
Suricata: ET EXPLOIT Apache Spark RPC - Unauthenticated RegisterApplication Request (CVE-2020-9480), 2022-01-28
Suricata: ET ATTACK_RESPONSE Apache Spark RPC - Unauthenticated RegisterApplication - Successfully Registered (CVE-2020-9480), 2022-01-28
Suricata: ET EXPLOIT Apache Spark RPC - Unauthenticated RegisterApplication Request - RCE Attempt (CVE-2020-9480), 2022-01-28