CVE-2020-7384: Client-Side Command Injection in Rapid7 Metasploit
First published: Thu Oct 29 2020(Updated: )
Rapid7's Metasploit msfvenom framework handles APK files in a way that allows for a malicious user to craft and publish a file that would execute arbitrary commands on a victim's machine.
Credit: cve@rapid7.con
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Rapid7 Metasploit | <4.19.0 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the vulnerability ID of this security vulnerability?
The vulnerability ID is CVE-2020-7384.
What is the severity rating of CVE-2020-7384?
The severity rating of CVE-2020-7384 is critical.
What is the affected software for CVE-2020-7384?
The affected software for CVE-2020-7384 is Rapid7 Metasploit version up to 4.19.0.
How can a malicious user exploit CVE-2020-7384?
A malicious user can exploit CVE-2020-7384 by crafting and publishing a malicious APK file that executes arbitrary commands on a victim's machine.
Where can I find more information about CVE-2020-7384?
You can find more information about CVE-2020-7384 at the following references: [Packet Storm Security Advisory](http://packetstormsecurity.com/files/160004/Rapid7-Metasploit-Framework-msfvenom-APK-Template-Command-Injection.html), [Packet Storm Security Advisory](http://packetstormsecurity.com/files/161200/Metasploit-Framework-6.0.11-Command-Injection.html), [GitHub Pull Request](https://github.com/rapid7/metasploit-framework/pull/14288).
- collector/nvd-index
- agent/type
- agent/softwarecombine
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/severity
- agent/title
- agent/author
- agent/weakness
- agent/remedy
- agent/references
- agent/event
- agent/tags
- agent/description
- agent/first-publish-date
- vendor/rapid7
- canonical/rapid7 metasploit