Vulnerability Details : CVE-2020-7385
By launching the drb_remote_codeexec exploit, a Metasploit Framework user will inadvertently expose Metasploit to the same deserialization issue that is exploited by that module, due to the reliance on the vulnerable Distributed Ruby class functions. Since Metasploit Framework typically runs with elevated privileges, this can lead to a system compromise on the Metasploit workstation. Note that an attacker would have to lie in wait and entice the Metasploit user to run the affected module against a malicious endpoint in a "hack-back" type of attack. Metasploit is only vulnerable when the drb_remote_codeexec module is running. In most cases, this cannot happen automatically.
Products affected by CVE-2020-7385
- cpe:2.3:a:rapid7:metasploit:*:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2020-7385
0.39%
Probability of exploitation activity in the next 30 days
~ 71 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2020-7385
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
6.8 | MEDIUM | AV:N/AC:M/Au:N/C:P/I:P/A:P | 8.6 | 6.4 | NIST | |
8.1 | HIGH | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N | 2.8 | 5.2 | cve@rapid7.con | |
8.8 | HIGH | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H | 2.8 | 5.9 | NIST | |
CWE ids for CVE-2020-7385
- The product deserializes untrusted data without sufficiently ensuring that the resulting data will be valid.
  Assigned by:
  - cve@rapid7.con (Secondary)
  - nvd@nist.gov (Primary)
References for CVE-2020-7385
- https://github.com/rapid7/metasploit-framework/pull/14300
  Fixes and updates for the DRuby RCE module by zeroSteiner · Pull Request #14300 · rapid7/metasploit-framework · GitHub (Exploit; Patch; Third Party Advisory)
- https://help.rapid7.com/metasploit/release-notes/archive/2020/10/
  Metasploit Release Notes Archive - October 2020 (Release Notes; Vendor Advisory)
- https://github.com/rapid7/metasploit-framework/pull/14335
  Remove the DRuby remote code execution module by zeroSteiner · Pull Request #14335 · rapid7/metasploit-framework · GitHub (Patch; Third Party Advisory)