Vulnerability identifier: #VU22307

Vulnerability risk: Low

CVSSv3.1: 6.4 [CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2019-17664

CWE-ID: CWE-426

Exploitation vector: Local

Exploit availability: No

Vulnerable software:
Ghidra
Universal components / Libraries / Software for developers

Vendor: National Security Agency

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to Java process uses the current working directory for launching the Python interpreter via the "Ghidra Codebrowser > Window > Python" option. A local user who can place malicious files on the system and trick the victim to run Ghidrafrom the specific directory can execute the cmd.exe program from this working directory with privileges of the current user.

Mitigation
Install update from vendor's website.

Vulnerable software versions

Ghidra: 9.0.0 - 10.1.5

---

External links
http://github.com/NationalSecurityAgency/ghidra/issues/107
http://github.com/NationalSecurityAgency/ghidra/security/advisories/GHSA-pr2h-5qhx-9544

---

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.