CVE-2020-7384

moderate-risk
Published 2020-10-29

Rapid7's Metasploit msfvenom framework handles APK files in a way that allows for a malicious user to craft and publish a file that would execute arbitrary commands on a victim's machine.

Do I need to act?

!
70.1% chance of exploitation in next 30 days
EPSS score — higher than 30% of all CVEs
-
Not on CISA KEV list
No confirmed active exploitation reported to CISA
!
1 public exploit available
49491
?
Patch status unknown
Check vendor advisories for fix availability and mitigation guidance
7
CVSS 7.0/10 High
LOCAL / HIGH complexity

Affected Products (1)

Affected Vendors

Rapid7

References (6)

Exploit http://packetstormsecurity.com/files/160004/Rapid7-Metasploit-Framework-msfvenom...
Exploit http://packetstormsecurity.com/files/161200/Metasploit-Framework-6.0.11-Command-...
Exploit https://github.com/rapid7/metasploit-framework/pull/14288
Exploit http://packetstormsecurity.com/files/160004/Rapid7-Metasploit-Framework-msfvenom...
Exploit http://packetstormsecurity.com/files/161200/Metasploit-Framework-6.0.11-Command-...
Exploit https://github.com/rapid7/metasploit-framework/pull/14288
42
/ 100
moderate-risk
Severity 18/34 · Moderate
Exploitability 19/34 · Moderate
Exposure 5/34 · Minimal