CVE-2019-5642

Rapid7 Metasploit Pro version 4.16.0-2019081901 and prior suffers from an instance of CWE-732, wherein the unique server.key is written to the file system during installation with world-readable permissions. This can allow other users of the same system where Metasploit Pro is installed to intercept otherwise private communications to the Metasploit Pro web interface.

CVSS v3 3.3 LOW
CVSS v2.0 2.1 LOW

3.3^/10

CVSS v3 : LOW

Vector :

Exploitability : 1.8 / Impact : 1.4

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact LOW

Integrity Impact NONE

Availability Impact NONE

Scope UNCHANGED

2.1^/10

CVSS v2.0 : LOW

Vector : AV:L/AC:L/Au:N/C:P/I:N/A:N

Exploitability : 3.9 / Impact : 2.9

Access Vector LOCAL

Access Complexity LOW

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact NONE

Availability Impact NONE

References

Link	Resource
https://help.rapid7.com/metasploit/release-notes/?rid=4.16.0-2019091001	Release Notes Vendor Advisory
https://help.rapid7.com/metasploit/release-notes/?rid=4.16.0-2019091001	Release Notes Vendor Advisory

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:rapid7:metasploit:::::pro:::*
	cpe:2.3:a:rapid7:metasploit:4.16.0:-:::pro:::*
	cpe:2.3:a:rapid7:metasploit:4.16.0:20190722:::pro:::*
	cpe:2.3:a:rapid7:metasploit:4.16.0:20190805:::pro:::*
	cpe:2.3:a:rapid7:metasploit:4.16.0:2019081901:::pro:::*

History

21 Nov 2024, 04:45

Type	Values Removed	Values Added
References	~~() https://help.rapid7.com/metasploit/release-notes/?rid=4.16.0-2019091001 - Release Notes, Vendor Advisory~~	() https://help.rapid7.com/metasploit/release-notes/?rid=4.16.0-2019091001 - Release Notes, Vendor Advisory

Information

Published : 2019-11-06 19:15

Updated : 2024-11-21 04:45

NVD link : CVE-2019-5642

Mitre link : CVE-2019-5642

CVE.ORG link : CVE-2019-5642

JSON object : View

Products Affected

rapid7

metasploit

CWE

CWE-732

Incorrect Permission Assignment for Critical Resource

{"id": "CVE-2019-5642", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 2.1, "accessVector": "LOCAL", "vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:N", "authentication": "NONE", "integrityImpact": "NONE", "accessComplexity": "LOW", "availabilityImpact": "NONE", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "LOW", "obtainAllPrivilege": false, "exploitabilityScore": 3.9, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV31": [{"type": "Secondary", "source": "cve@rapid7.com", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 3.3, "attackVector": "LOCAL", "baseSeverity": "LOW", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "LOW"}, "impactScore": 1.4, "exploitabilityScore": 1.8}, {"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 3.3, "attackVector": "LOCAL", "baseSeverity": "LOW", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "LOW"}, "impactScore": 1.4, "exploitabilityScore": 1.8}]}, "published": "2019-11-06T19:15:12.360", "references": [{"url": "https://help.rapid7.com/metasploit/release-notes/?rid=4.16.0-2019091001", "tags": ["Release Notes", "Vendor Advisory"], "source": "cve@rapid7.com"}, {"url": "https://help.rapid7.com/metasploit/release-notes/?rid=4.16.0-2019091001", "tags": ["Release Notes", "Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Secondary", "source": "cve@rapid7.com", "description": [{"lang": "en", "value": "CWE-732"}]}, {"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-732"}]}], "descriptions": [{"lang": "en", "value": "Rapid7 Metasploit Pro version 4.16.0-2019081901 and prior suffers from an instance of CWE-732, wherein the unique server.key is written to the file system during installation with world-readable permissions. This can allow other users of the same system where Metasploit Pro is installed to intercept otherwise private communications to the Metasploit Pro web interface."}, {"lang": "es", "value": "Rapid7 Metasploit Pro versi\u00f3n 4.16.0-2019081901 y anterior, sufre de una instancia de CWE-732, en la que el \u00fanico server.key es escrito en el sistema de archivos durante la instalaci\u00f3n con permisos de tipo world-readable. Esto puede permitir a otros usuarios del mismo sistema donde est\u00e1 instalado Metasploit Pro, por otra parte interceptar comunicaciones privadas a la interfaz web de Metasploit Pro."}], "lastModified": "2024-11-21T04:45:17.527", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:rapid7:metasploit:*:*:*:*:pro:*:*:*", "vulnerable": true, "matchCriteriaId": "D0955FF0-9FB8-48BE-AF5F-8DE42FD0C143", "versionEndExcluding": "4.16.0"}, {"criteria": "cpe:2.3:a:rapid7:metasploit:4.16.0:-:*:*:pro:*:*:*", "vulnerable": true, "matchCriteriaId": "35954372-1852-47D3-B920-E9E4AABD6B69"}, {"criteria": "cpe:2.3:a:rapid7:metasploit:4.16.0:20190722:*:*:pro:*:*:*", "vulnerable": true, "matchCriteriaId": "40954A9F-1E07-45A5-AA7C-0AC8C4B478BF"}, {"criteria": "cpe:2.3:a:rapid7:metasploit:4.16.0:20190805:*:*:pro:*:*:*", "vulnerable": true, "matchCriteriaId": "FBD2D8F1-294E-4E6A-B78F-EB3181F2B224"}, {"criteria": "cpe:2.3:a:rapid7:metasploit:4.16.0:2019081901:*:*:pro:*:*:*", "vulnerable": true, "matchCriteriaId": "E78CB217-64EC-4276-A4CB-7D0DAF1E378D"}], "operator": "OR"}]}], "sourceIdentifier": "cve@rapid7.com"}