CVE-2020-7384

Опубликовано: 29 окт. 2020

Источник: nvd

CVSS3: 7

CVSS3: 7.8

CVSS2: 9.3

EPSS Средний

Описание

Rapid7's Metasploit msfvenom framework handles APK files in a way that allows for a malicious user to craft and publish a file that would execute arbitrary commands on a victim's machine.

Ссылки

http://packetstormsecurity.com/files/160004/Rapid7-Metasploit-Framework-msfvenom-APK-Template-Command-Injection.html
Exploit
Third Party Advisory
VDB Entry
http://packetstormsecurity.com/files/161200/Metasploit-Framework-6.0.11-Command-Injection.html
Exploit
Third Party Advisory
VDB Entry
https://github.com/rapid7/metasploit-framework/pull/14288
Exploit
Patch
Third Party Advisory
http://packetstormsecurity.com/files/160004/Rapid7-Metasploit-Framework-msfvenom-APK-Template-Command-Injection.html
Exploit
Third Party Advisory
VDB Entry
http://packetstormsecurity.com/files/161200/Metasploit-Framework-6.0.11-Command-Injection.html
Exploit
Third Party Advisory
VDB Entry
https://github.com/rapid7/metasploit-framework/pull/14288
Exploit
Patch
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:rapid7:metasploit:*:*:*:*:*:*:*:*

Версия до 4.19.0 (исключая)

EPSS

Процентиль: 98%

0.66075

Средний

7 High

CVSS3

7.8 High

CVSS3

9.3 Critical

CVSS2

Дефекты

CWE-77

Связанные уязвимости

GHSA-87rr-mcfm-cqc8

github

больше 3 лет назад

Rapid7's Metasploit msfvenom framework handles APK files in a way that allows for a malicious user to craft and publish a file that would execute arbitrary commands on a victim's machine.

EPSS

Процентиль: 98%

0.66075

Средний

7 High

CVSS3

7.8 High

CVSS3

9.3 Critical

CVSS2

Дефекты

CWE-77