Vulnerability Description
By launching the drb_remote_codeexec exploit, a Metasploit Framework user will inadvertently expose Metasploit to the same deserialization issue that is exploited by that module, due to the reliance on the vulnerable Distributed Ruby class functions. Since Metasploit Framework typically runs with elevated privileges, this can lead to a system compromise on the Metasploit workstation. Note that an attacker would have to lie in wait and entice the Metasploit user to run the affected module against a malicious endpoint in a "hack-back" type of attack. Metasploit is only vulnerable when the drb_remote_codeexec module is running. In most cases, this cannot happen automatically.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Rapid7 | Metasploit | < 4.19.0 |
Related Weaknesses (CWE)
References
- https://github.com/rapid7/metasploit-framework/pull/14300ExploitPatchThird Party Advisory
- https://github.com/rapid7/metasploit-framework/pull/14335PatchThird Party Advisory
- https://help.rapid7.com/metasploit/release-notes/archive/2020/10/Release NotesVendor Advisory
- https://github.com/rapid7/metasploit-framework/pull/14300ExploitPatchThird Party Advisory
- https://github.com/rapid7/metasploit-framework/pull/14335PatchThird Party Advisory
- https://help.rapid7.com/metasploit/release-notes/archive/2020/10/Release NotesVendor Advisory
FAQ
What is CVE-2020-7385?
CVE-2020-7385 is a vulnerability with a CVSS score of 8.1 (HIGH). By launching the drb_remote_codeexec exploit, a Metasploit Framework user will inadvertently expose Metasploit to the same deserialization issue that is exploited by that module, due to the reliance o...
How severe is CVE-2020-7385?
CVE-2020-7385 has been rated HIGH with a CVSS base score of 8.1/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2020-7385?
Check the references section above for vendor advisories and patch information. Affected products include: Rapid7 Metasploit.