CVE-2020-7385
HIGH
Metasploit Framework < 4.19.0 - Remote Code Execution via DRb Deserialization
Title source: llm
Description
By launching the drb_remote_codeexec exploit, a Metasploit Framework user will inadvertently expose Metasploit to the same deserialization issue that is exploited by that module, due to the reliance on the vulnerable Distributed Ruby class functions. Since Metasploit Framework typically runs with elevated privileges, this can lead to a system compromise on the Metasploit workstation. Note that an attacker would have to lie in wait and entice the Metasploit user to run the affected module against a malicious endpoint in a "hack-back" type of attack. Metasploit is only vulnerable when the drb_remote_codeexec module is running. In most cases, this cannot happen automatically.
References (3)
Core References
Exploit, Patch, Third Party Advisory x_refsource_misc
https://github.com/rapid7/metasploit-framework/pull/14300
Release Notes, Vendor Advisory x_refsource_misc
https://help.rapid7.com/metasploit/release-notes/archive/2020/10/
Patch, Third Party Advisory x_refsource_confirm
https://github.com/rapid7/metasploit-framework/pull/14335
Scores
CVSS v3
8.1
EPSS
0.0058
EPSS Percentile
69.2%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N
Details
CWE
CWE-502
Status
published
Products (2)
rapid7/metasploit
< 4.19.0
rubygems/metasploit-framework
0 - 4.19.0
RubyGems
Published
Apr 23, 2021
Tracked Since
Feb 18, 2026