CVE-2014-3120

high-risk
Published 2014-07-28

The default configuration in Elasticsearch before 1.2 enables dynamic scripting, which allows remote attackers to execute arbitrary MVEL expressions and Java code via the source parameter to _search. NOTE: this only violates the vendor's intended security policy if the user does not run Elasticsearch in its own independent virtual machine.

Do I need to act?

!
82.6% chance of exploitation in next 30 days
EPSS score — higher than 17% of all CVEs
!
CISA KEV: actively exploited in the wild
On the Known Exploited Vulnerabilities catalog — federal agencies must patch
!
2 public exploits available
33588, 33370
?
Patch status unknown
Check vendor advisories for fix availability and mitigation guidance
8
CVSS 8.1/10 High
NETWORK / LOW complexity

Affected Products (1)

Affected Vendors

Elasticsearch

References (17)

Exploit http://bouk.co/blog/elasticsearch-rce/
Exploit http://www.exploit-db.com/exploits/33370
Broken Link http://www.osvdb.org/106949
Exploit http://www.rapid7.com/db/modules/exploit/multi/elasticsearch/script_mvel_rce
Exploit http://www.securityfocus.com/bid/67731
Vendor Advisory https://www.elastic.co/blog/logstash-1-4-3-released
Vendor Advisory https://www.elastic.co/community/security/
Exploit https://www.found.no/foundation/elasticsearch-security/#staying-safe-while-devel...
Exploit http://bouk.co/blog/elasticsearch-rce/
Exploit http://www.exploit-db.com/exploits/33370
Broken Link http://www.osvdb.org/106949
Exploit http://www.rapid7.com/db/modules/exploit/multi/elasticsearch/script_mvel_rce
Exploit http://www.securityfocus.com/bid/67731
Vendor Advisory https://www.elastic.co/blog/logstash-1-4-3-released
Vendor Advisory https://www.elastic.co/community/security/
Exploit https://www.found.no/foundation/elasticsearch-security/#staying-safe-while-devel...
https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2014-...
67
/ 100
high-risk
Severity 28/34 · Critical
Exploitability 34/34 · Critical
Exposure 5/34 · Minimal