CVE-2020-11081 : osquery before version 4.4.0 enables a privilege escalation vulnerability. If a

osquery before version 4.4.0 enables a privilege escalation vulnerability. If a Window system is configured with a PATH that contains a user-writable directory then a local user may write a zlib1.dll DLL, which osquery will attempt to load. Since osquery runs with elevated privileges this enables local escalation. This is fixed in version 4.4.0.

Published 2020-07-10 19:15:12

Updated 2023-01-20 20:32:51

Source GitHub, Inc.

View at NVD, CVE.org

Vulnerability category: File inclusionGain privilege

Products affected by CVE-2020-11081

Linuxfoundation » Osquery
Versions before (<) 4.4.0
cpe:2.3:a:linuxfoundation:osquery:*:*:*:*:*:*:*:*
Matching versions

Exploit prediction scoring system (EPSS) score for CVE-2020-11081

EPSS FAQ

0.04%

Probability of exploitation activity in the next 30 days EPSS Score History

~ 6 %

Percentile, the proportion of vulnerabilities that are scored at or less

CVSS scores for CVE-2020-11081

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source
4.4	MEDIUM	AV:L/AC:M/Au:N/C:P/I:P/A:P	3.4	6.4	NIST
Access Vector: Local Access Complexity: Medium Authentication: None Confidentiality Impact: Partial Integrity Impact: Partial Availability Impact: Partial
8.2	HIGH	CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H	1.5	6.0	NIST
Attack Vector: Local Attack Complexity: Low Privileges Required: Low User Interaction: Required Scope: Changed Confidentiality: High Integrity: High Availability: High
5.3	MEDIUM	CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:C/C:N/I:H/A:N	0.8	4.0	GitHub, Inc.
Attack Vector: Local Attack Complexity: High Privileges Required: Low User Interaction: Required Scope: Changed Confidentiality: None Integrity: High Availability: None

CWE ids for CVE-2020-11081

CWE-114 Process Control

Executing commands or loading libraries from an untrusted source or in an untrusted environment can cause an application to execute malicious commands (and payloads) on behalf of an attacker.

Assigned by: security-advisories@github.com (Primary)
CWE-426 Untrusted Search Path

The product searches for critical resources using an externally-supplied search path that can point to resources that are not under the product's direct control.

Assigned by: nvd@nist.gov (Secondary)

References for CVE-2020-11081

https://github.com/osquery/osquery/security/advisories/GHSA-2xwp-8fv7-c5pm

osquery susceptible to DLL search order hijacking of zlib1.dll · Advisory · osquery/osquery · GitHub
Third Party Advisory
https://github.com/osquery/osquery/releases/tag/4.4.0

Release 4.4.0 · osquery/osquery · GitHub
Release Notes;Third Party Advisory
https://github.com/osquery/osquery/commit/4d4957f12a6aa0becc9d01d9f97061e1e3d809c5

Disable openssl compression support (#6433) · osquery/osquery@4d4957f · GitHub
Patch;Third Party Advisory
https://github.com/osquery/osquery/pull/6433

Disable openssl compression support by Smjert · Pull Request #6433 · osquery/osquery · GitHub
Patch;Third Party Advisory
https://github.com/osquery/osquery/issues/6426

Privilege Escalation Bug in Osquery 4.2.0 (windows) via Dll Search Order Hijacking · Issue #6426 · osquery/osquery · GitHub
Exploit;Issue Tracking;Third Party Advisory

Jump to

Vulnerability Details : CVE-2020-11081

Products affected by CVE-2020-11081

Exploit prediction scoring system (EPSS) score for CVE-2020-11081

CVSS scores for CVE-2020-11081

CWE ids for CVE-2020-11081

References for CVE-2020-11081