Vulnerability Details CVE-2020-7384
Rapid7's Metasploit msfvenom framework handles APK files in a way that allows for a malicious user to craft and publish a file that would execute arbitrary commands on a victim's machine.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.655
EPSS Ranking 98.4%
CVSS Severity
CVSS v3 Score 7.0
CVSS v2 Score 9.3
References
- http://packetstormsecurity.com/files/160004/Rapid7-Metasploit-Framework-msfvenom-APK-Template-Command-Injection.html
- http://packetstormsecurity.com/files/161200/Metasploit-Framework-6.0.11-Command-Injection.html
- https://github.com/rapid7/metasploit-framework/pull/14288
- http://packetstormsecurity.com/files/160004/Rapid7-Metasploit-Framework-msfvenom-APK-Template-Command-Injection.html
- http://packetstormsecurity.com/files/161200/Metasploit-Framework-6.0.11-Command-Injection.html
- https://github.com/rapid7/metasploit-framework/pull/14288
Products affected by CVE-2020-7384
-
cpe:2.3:a:rapid7:metasploit:4.11.7
-
cpe:2.3:a:rapid7:metasploit:4.12.40
-
cpe:2.3:a:rapid7:metasploit:4.13.0
-
cpe:2.3:a:rapid7:metasploit:4.13.1
-
cpe:2.3:a:rapid7:metasploit:4.13.19
-
cpe:2.3:a:rapid7:metasploit:4.14.0
-
cpe:2.3:a:rapid7:metasploit:4.14.1
-
cpe:2.3:a:rapid7:metasploit:4.14.2
-
cpe:2.3:a:rapid7:metasploit:4.14.3
-
cpe:2.3:a:rapid7:metasploit:4.15.0
-
cpe:2.3:a:rapid7:metasploit:4.15.1
-
cpe:2.3:a:rapid7:metasploit:4.16.0
-
cpe:2.3:a:rapid7:metasploit:4.17.1