Main Vulnerability Database Exploits ID:2601 - Exploit for OS Command Injection in Metasploit - CVE-2020-7350

ID:2601 - Exploit for OS Command Injection in Metasploit - CVE-2020-7350

Published: April 27, 2020

Vulnerability identifier: #VU27308

Vulnerability risk: High

CVE-ID: CVE-2020-7350

CWE-ID: CWE-78

Exploitation vector: Remote access

Vulnerable software:
Metasploit

Link to public exploit:

https://www.rapid7.com/db/modules/exploit/unix/fileformat/metasploit_libnotify_cmd_injection

Vulnerability description

The vulnerability allows a remote attacker to execute arbitrary shell commands on the target system.

The vulnerability exists due to the libnotify plugin accepts untrusted user-supplied data via a remote computer's hostname or service name on the operator's terminal. A remote unauthenticated attacker can use a specially-crafted hostname or service name and execute arbitrary OS commands on the target system.

Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.

Remediation

Install updates from vendor's website.

ID:2601 - Exploit for OS Command Injection in Metasploit - CVE-2020-7350

Link to public exploit:

Vulnerability description

Remediation

Please verify you're human