CVE-2020-11108

high-risk
Published 2020-05-11

The Gravity updater in Pi-hole through 4.4 allows an authenticated adversary to upload arbitrary files. This can be abused for Remote Code Execution by writing to a PHP file in the web directory. (Also, it can be used in conjunction with the sudo rule for the www-data user to escalate privileges to root.) The code error is in gravity_DownloadBlocklistFromUrl in gravity.sh.

Do I need to act?

!
89.6% chance of exploitation in next 30 days
EPSS score — higher than 10% of all CVEs
-
Not on CISA KEV list
No confirmed active exploitation reported to CISA
!
4 public exploits available
48519, 48442, 48443 and 1 more
?
Patch status unknown
Check vendor advisories for fix availability and mitigation guidance
8
CVSS 8.8/10 High
NETWORK / LOW complexity

Affected Products (1)

Affected Vendors

Pi-Hole

References (12)

Exploit http://packetstormsecurity.com/files/157623/Pi-hole-4.4-Remote-Code-Execution.ht...
Exploit http://packetstormsecurity.com/files/157624/Pi-hole-4.4-Remote-Code-Execution-Pr...
http://packetstormsecurity.com/files/157748/Pi-Hole-heisenbergCompensator-Blockl...
http://packetstormsecurity.com/files/157839/Pi-hole-4.4.0-Remote-Code-Execution....
Exploit https://frichetten.com/blog/cve-2020-11108-pihole-rce/
Exploit https://github.com/Frichetten/CVE-2020-11108-PoC
Exploit http://packetstormsecurity.com/files/157623/Pi-hole-4.4-Remote-Code-Execution.ht...
Exploit http://packetstormsecurity.com/files/157624/Pi-hole-4.4-Remote-Code-Execution-Pr...
http://packetstormsecurity.com/files/157748/Pi-Hole-heisenbergCompensator-Blockl...
http://packetstormsecurity.com/files/157839/Pi-hole-4.4.0-Remote-Code-Execution....
Exploit https://frichetten.com/blog/cve-2020-11108-pihole-rce/
Exploit https://github.com/Frichetten/CVE-2020-11108-PoC
62
/ 100
high-risk
Severity 30/34 · Critical
Exploitability 27/34 · High
Exposure 5/34 · Minimal