CVE-2020-7354

{"id": "CVE-2020-7354", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 4.3, "accessVector": "NETWORK", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "MEDIUM", "availabilityImpact": "NONE", "confidentialityImpact": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 8.6, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": true}], "cvssMetricV31": [{"type": "Secondary", "source": "cve@rapid7.com", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 6.1, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:N", "integrityImpact": "HIGH", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "HIGH", "confidentialityImpact": "HIGH"}, "impactScore": 5.2, "exploitabilityScore": 0.9}, {"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.4, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N", "integrityImpact": "LOW", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "LOW"}, "impactScore": 2.5, "exploitabilityScore": 2.8}]}, "published": "2020-06-25T18:15:12.317", "references": [{"url": "https://avalz.it/research/metasploit-pro-xss-to-rce/", "tags": ["Exploit", "Third Party Advisory"], "source": "cve@rapid7.com"}, {"url": "https://help.rapid7.com/metasploit/release-notes/archive/2020/05/#20200514", "tags": ["Release Notes", "Vendor Advisory"], "source": "cve@rapid7.com"}, {"url": "https://avalz.it/research/metasploit-pro-xss-to-rce/", "tags": ["Exploit", "Third Party Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://help.rapid7.com/metasploit/release-notes/archive/2020/05/#20200514", "tags": ["Release Notes", "Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Secondary", "source": "cve@rapid7.com", "description": [{"lang": "en", "value": "CWE-79"}]}, {"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-79"}]}], "descriptions": [{"lang": "en", "value": "Cross-site Scripting (XSS) vulnerability in the 'host' field of a discovered scan asset in Rapid7 Metasploit Pro allows an attacker with a specially-crafted network service of a scan target to store an XSS sequence in the Metasploit Pro console, which will trigger when the operator views the record of that scanned host in the Metasploit Pro interface. This issue affects Rapid7 Metasploit Pro version 4.17.1-20200427 and prior versions, and is fixed in Metasploit Pro version 4.17.1-20200514. See also CVE-2020-7355, which describes a similar issue, but involving the generated 'notes' field of a discovered scan asset."}, {"lang": "es", "value": "Una vulnerabilidad de tipo Cross-site Scripting (XSS) en el campo \"host\" de un activo de escaneo detectado en Rapid7 Metasploit Pro, permite a un atacante con un servicio de red especialmente dise\u00f1ado de un objetivo de escaneo almacenar una secuencia de tipo XSS en la consola Metasploit Pro, que se activar\u00e1 cuando el operador visualiza el registro de ese host escaneado en la interfaz Metasploit Pro. Este problema afecta a Rapid7 Metasploit Pro versi\u00f3n 4.17.1-20200427 y versiones anteriores, y es corregido en Metasploit Pro versi\u00f3n 4.17.1-20200514. Consulte tambi\u00e9n CVE-2020-7355, que describe un problema similar, pero involucrando el campo \"notes\" generado de un activo de escaneo detectado"}], "lastModified": "2024-11-21T05:37:06.190", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:rapid7:metasploit:*:*:*:*:pro:*:*:*", "vulnerable": true, "matchCriteriaId": "B4607DF8-1406-428E-AF03-04D3EFE8586D", "versionEndExcluding": "4.17.1"}, {"criteria": "cpe:2.3:a:rapid7:metasploit:4.17.1:-:*:*:pro:*:*:*", "vulnerable": true, "matchCriteriaId": "8E047784-19E4-4178-89BD-8F0E6C30DA94"}, {"criteria": "cpe:2.3:a:rapid7:metasploit:4.17.1:20170221:*:*:pro:*:*:*", "vulnerable": true, "matchCriteriaId": "E4C55046-26E4-4BE3-9CFA-42DC05F782BC"}, {"criteria": "cpe:2.3:a:rapid7:metasploit:4.17.1:20170323:*:*:pro:*:*:*", "vulnerable": true, "matchCriteriaId": "2D34B5C5-499B-4F42-86E8-22D978DF8806"}, {"criteria": "cpe:2.3:a:rapid7:metasploit:4.17.1:20170405:*:*:pro:*:*:*", "vulnerable": true, "matchCriteriaId": "3CBE5966-C31E-4C9F-B2FE-7CDEBD1BC9FD"}, {"criteria": "cpe:2.3:a:rapid7:metasploit:4.17.1:20170419:*:*:pro:*:*:*", "vulnerable": true, "matchCriteriaId": "548C348D-339C-44F7-B755-9F7A13B522E7"}, {"criteria": "cpe:2.3:a:rapid7:metasploit:4.17.1:20170510:*:*:pro:*:*:*", "vulnerable": true, "matchCriteriaId": "CD803A97-AF04-492F-BC1C-A2246BA3DFDA"}, {"criteria": "cpe:2.3:a:rapid7:metasploit:4.17.1:20170518:*:*:pro:*:*:*", "vulnerable": true, "matchCriteriaId": "1D7613E2-195A-4B82-9E44-8DA13E3D8CDD"}, {"criteria": "cpe:2.3:a:rapid7:metasploit:4.17.1:20170530:*:*:pro:*:*:*", "vulnerable": true, "matchCriteriaId": "F7CA753B-D800-4897-850B-0E16A6AB5D99"}, {"criteria": "cpe:2.3:a:rapid7:metasploit:4.17.1:20170613:*:*:pro:*:*:*", "vulnerable": true, "matchCriteriaId": "ACEF56C3-AD1B-49C1-BE2A-EBB31B24D024"}, {"criteria": "cpe:2.3:a:rapid7:metasploit:4.17.1:20170627:*:*:pro:*:*:*", "vulnerable": true, "matchCriteriaId": "F0801B0E-C4F4-4B92-BFE8-030F6177449A"}, {"criteria": "cpe:2.3:a:rapid7:metasploit:4.17.1:20170718:*:*:pro:*:*:*", "vulnerable": true, "matchCriteriaId": "57CD1F31-5102-4D6C-8380-394A2D3E04E5"}, {"criteria": "cpe:2.3:a:rapid7:metasploit:4.17.1:20170731:*:*:pro:*:*:*", "vulnerable": true, "matchCriteriaId": "C3C90EF9-9370-4240-83FC-BEF54ECFBB04"}, {"criteria": "cpe:2.3:a:rapid7:metasploit:4.17.1:20170816:*:*:pro:*:*:*", "vulnerable": true, "matchCriteriaId": "3777FB35-0AE3-4EB5-988C-08CE20E8AB60"}, {"criteria": "cpe:2.3:a:rapid7:metasploit:4.17.1:20170828:*:*:pro:*:*:*", "vulnerable": true, "matchCriteriaId": "645837BA-4122-4B3A-A638-F92894CB0F5C"}, {"criteria": "cpe:2.3:a:rapid7:metasploit:4.17.1:20170914:*:*:pro:*:*:*", "vulnerable": true, "matchCriteriaId": "80CE6808-487E-4B67-B617-2FC69201C676"}, {"criteria": "cpe:2.3:a:rapid7:metasploit:4.17.1:20170926:*:*:pro:*:*:*", "vulnerable": true, "matchCriteriaId": "13EF0494-CE9E-4B63-9D2E-2AFB3512BAC3"}, {"criteria": "cpe:2.3:a:rapid7:metasploit:4.17.1:20171009:*:*:pro:*:*:*", "vulnerable": true, "matchCriteriaId": "41AC3FDB-AEB9-4B6F-81EB-A4EE7FCD2957"}, {"criteria": "cpe:2.3:a:rapid7:metasploit:4.17.1:20171030:*:*:pro:*:*:*", "vulnerable": true, "matchCriteriaId": "22BF97B2-EF2A-4DD9-81E9-2806731F5A3F"}, {"criteria": "cpe:2.3:a:rapid7:metasploit:4.17.1:20171115:*:*:pro:*:*:*", "vulnerable": true, "matchCriteriaId": "5233FFC8-D110-414F-AA4E-F5AF7C74F585"}, {"criteria": "cpe:2.3:a:rapid7:metasploit:4.17.1:20171129:*:*:pro:*:*:*", "vulnerable": true, "matchCriteriaId": "D63C9642-EEEA-4B2C-9C6E-9ABBFD9DCBCB"}, {"criteria": "cpe:2.3:a:rapid7:metasploit:4.17.1:20171206:*:*:pro:*:*:*", "vulnerable": true, "matchCriteriaId": "63FFB33E-717C-4C6F-8D66-9C9F1C940D87"}, {"criteria": "cpe:2.3:a:rapid7:metasploit:4.17.1:20171220:*:*:pro:*:*:*", "vulnerable": true, "matchCriteriaId": "6768BA01-C0FB-49E2-8A61-28929C2B1B1B"}, {"criteria": "cpe:2.3:a:rapid7:metasploit:4.17.1:20180108:*:*:pro:*:*:*", "vulnerable": true, "matchCriteriaId": "1866B819-707E-432D-92EA-3AA1F347DAED"}, {"criteria": "cpe:2.3:a:rapid7:metasploit:4.17.1:20180124:*:*:pro:*:*:*", "vulnerable": true, "matchCriteriaId": "BDDCD2E4-6853-41CE-A07A-2F028E72DFF4"}, {"criteria": "cpe:2.3:a:rapid7:metasploit:4.17.1:20180206:*:*:pro:*:*:*", "vulnerable": true, "matchCriteriaId": "B3D2C4BF-B825-4890-B2DB-D20FD6756B35"}, {"criteria": "cpe:2.3:a:rapid7:metasploit:4.17.1:20180301:*:*:pro:*:*:*", "vulnerable": true, "matchCriteriaId": "76DB58D7-1B47-4817-9D06-E5656B1331F0"}, {"criteria": "cpe:2.3:a:rapid7:metasploit:4.17.1:20180312:*:*:pro:*:*:*", "vulnerable": true, "matchCriteriaId": "8FF30D6E-0765-4271-A040-235E3B33503E"}, {"criteria": "cpe:2.3:a:rapid7:metasploit:4.17.1:20180327:*:*:pro:*:*:*", "vulnerable": true, "matchCriteriaId": "85DD6D65-CE57-4A3A-9193-CD82CCD4BDBC"}, {"criteria": "cpe:2.3:a:rapid7:metasploit:4.17.1:20180410:*:*:pro:*:*:*", "vulnerable": true, "matchCriteriaId": "9F1B811A-7790-4407-B910-0C70927F7D2F"}, {"criteria": "cpe:2.3:a:rapid7:metasploit:4.17.1:20180501:*:*:pro:*:*:*", "vulnerable": true, "matchCriteriaId": "EE7DFBE8-5ABE-4C67-A85D-8D37E206E51C"}, {"criteria": "cpe:2.3:a:rapid7:metasploit:4.17.1:20180511:*:*:pro:*:*:*", "vulnerable": true, "matchCriteriaId": "E3D1BBDD-D3FD-4F3D-9279-46EDF96FE317"}, {"criteria": "cpe:2.3:a:rapid7:metasploit:4.17.1:20180526:*:*:pro:*:*:*", "vulnerable": true, "matchCriteriaId": "488C3810-3393-4817-87DB-0E2CD2CA3969"}, {"criteria": "cpe:2.3:a:rapid7:metasploit:4.17.1:20180618:*:*:pro:*:*:*", "vulnerable": true, "matchCriteriaId": "9E00DD73-1F9B-4944-907E-F1773316B63B"}, {"criteria": "cpe:2.3:a:rapid7:metasploit:4.17.1:20180704:*:*:pro:*:*:*", "vulnerable": true, "matchCriteriaId": "57966911-0CFC-4355-9B08-2F2688302F96"}, {"criteria": "cpe:2.3:a:rapid7:metasploit:4.17.1:20180716:*:*:pro:*:*:*", "vulnerable": true, "matchCriteriaId": "8439D629-F7F0-4ADA-9BC6-2E3E34220CDE"}, {"criteria": "cpe:2.3:a:rapid7:metasploit:4.17.1:20180727:*:*:pro:*:*:*", "vulnerable": true, "matchCriteriaId": "A26FBA32-4114-42EB-9427-254AB3B9F06B"}, {"criteria": "cpe:2.3:a:rapid7:metasploit:4.17.1:20180813:*:*:pro:*:*:*", "vulnerable": true, "matchCriteriaId": "4A6AE478-FC91-4A4A-9CB0-7BD29ED42E77"}, {"criteria": "cpe:2.3:a:rapid7:metasploit:4.17.1:20180827:*:*:pro:*:*:*", "vulnerable": true, "matchCriteriaId": "A21F2F21-3970-4F75-B72B-D939F35448BB"}, {"criteria": "cpe:2.3:a:rapid7:metasploit:4.17.1:20180907:*:*:pro:*:*:*", "vulnerable": true, "matchCriteriaId": "A0FD1D96-50EA-47E8-997B-CE6B1E58BADA"}, {"criteria": "cpe:2.3:a:rapid7:metasploit:4.17.1:20180924:*:*:pro:*:*:*", "vulnerable": true, "matchCriteriaId": "31FC17EF-B89B-48A2-9196-5E2DA5A2D118"}, {"criteria": "cpe:2.3:a:rapid7:metasploit:4.17.1:20181009:*:*:pro:*:*:*", "vulnerable": true, "matchCriteriaId": "1BB88831-3170-453D-B416-E1F962F8AD6D"}, {"criteria": "cpe:2.3:a:rapid7:metasploit:4.17.1:20181022:*:*:pro:*:*:*", "vulnerable": true, "matchCriteriaId": "1BBF5DA5-B318-436B-8071-A617B99E0637"}, {"criteria": "cpe:2.3:a:rapid7:metasploit:4.17.1:20181105:*:*:pro:*:*:*", "vulnerable": true, "matchCriteriaId": "BBD348EF-91F5-4C02-BD98-ABA902131183"}, {"criteria": "cpe:2.3:a:rapid7:metasploit:4.17.1:20181130:*:*:pro:*:*:*", "vulnerable": true, "matchCriteriaId": "8FE78790-13DE-43F6-80C2-3F85FF6E16E6"}, {"criteria": "cpe:2.3:a:rapid7:metasploit:4.17.1:20181215:*:*:pro:*:*:*", "vulnerable": true, "matchCriteriaId": "BFA0AEAD-9A25-4659-802F-BB56C68847BF"}, {"criteria": "cpe:2.3:a:rapid7:metasploit:4.17.1:20190108:*:*:pro:*:*:*", "vulnerable": true, "matchCriteriaId": "1009C89A-D461-4BFF-A91B-24B7D0E17297"}, {"criteria": "cpe:2.3:a:rapid7:metasploit:4.17.1:20190118:*:*:pro:*:*:*", "vulnerable": true, "matchCriteriaId": "CA03DBAA-EE97-4D73-9454-13FA73F021E8"}, {"criteria": "cpe:2.3:a:rapid7:metasploit:4.17.1:20190201:*:*:pro:*:*:*", "vulnerable": true, "matchCriteriaId": "24DF8346-A21D-44C7-A491-A58099B4D88B"}, {"criteria": "cpe:2.3:a:rapid7:metasploit:4.17.1:20190219:*:*:pro:*:*:*", "vulnerable": true, "matchCriteriaId": "8B38D653-F840-49FA-B4FA-7C23A101E77B"}, {"criteria": "cpe:2.3:a:rapid7:metasploit:4.17.1:20190303:*:*:pro:*:*:*", "vulnerable": true, "matchCriteriaId": "67D0992D-FF74-4F93-A00B-BB4EC0F8A51E"}, {"criteria": "cpe:2.3:a:rapid7:metasploit:4.17.1:20190319:*:*:pro:*:*:*", "vulnerable": true, "matchCriteriaId": "3909F140-EB22-4D05-8576-4C7445A183DB"}, {"criteria": "cpe:2.3:a:rapid7:metasploit:4.17.1:20190331:*:*:pro:*:*:*", "vulnerable": true, "matchCriteriaId": "2610F4B9-0739-4AE8-B4C2-E8578F0466E0"}, {"criteria": "cpe:2.3:a:rapid7:metasploit:4.17.1:20190416:*:*:pro:*:*:*", "vulnerable": true, "matchCriteriaId": "2EA3D971-ECBC-4810-AE61-3167BD3D7F81"}, {"criteria": "cpe:2.3:a:rapid7:metasploit:4.17.1:20190426:*:*:pro:*:*:*", "vulnerable": true, "matchCriteriaId": "E2FBED6C-4BDA-4AE2-999F-5D3063B90D18"}, {"criteria": "cpe:2.3:a:rapid7:metasploit:4.17.1:20190513:*:*:pro:*:*:*", "vulnerable": true, "matchCriteriaId": "51571BCC-8621-4D0F-AE45-DAFF5AD9099A"}, {"criteria": "cpe:2.3:a:rapid7:metasploit:4.17.1:20190603:*:*:pro:*:*:*", "vulnerable": true, "matchCriteriaId": "35266B59-E489-4BF8-ABA5-1B07B3A3B9D3"}, {"criteria": "cpe:2.3:a:rapid7:metasploit:4.17.1:20190607:*:*:pro:*:*:*", "vulnerable": true, "matchCriteriaId": "737684B7-E4EC-46E6-981E-97CDFDEE6AB6"}, {"criteria": "cpe:2.3:a:rapid7:metasploit:4.17.1:20190626:*:*:pro:*:*:*", "vulnerable": true, "matchCriteriaId": "C46B768B-11A8-473E-8532-AF7230F5390C"}, {"criteria": "cpe:2.3:a:rapid7:metasploit:4.17.1:20190722:*:*:pro:*:*:*", "vulnerable": true, "matchCriteriaId": "8DA7A63D-9416-4572-81A1-52D8247EAF15"}, {"criteria": "cpe:2.3:a:rapid7:metasploit:4.17.1:20190805:*:*:pro:*:*:*", "vulnerable": true, "matchCriteriaId": "26989ACB-F823-47AF-825C-ACEFC77A5ABF"}, {"criteria": "cpe:2.3:a:rapid7:metasploit:4.17.1:20190819:*:*:pro:*:*:*", "vulnerable": true, "matchCriteriaId": "E99A1FF5-59C8-4471-A5F4-F6B39CCD5EB2"}, {"criteria": "cpe:2.3:a:rapid7:metasploit:4.17.1:20190910:*:*:pro:*:*:*", "vulnerable": true, "matchCriteriaId": "89361CC7-C9C3-4DD6-A812-ACEA2FD9D3CA"}, {"criteria": "cpe:2.3:a:rapid7:metasploit:4.17.1:20190930:*:*:pro:*:*:*", "vulnerable": true, "matchCriteriaId": "F87117F9-9B8D-4267-9CA1-98FEFA00DE0F"}, {"criteria": "cpe:2.3:a:rapid7:metasploit:4.17.1:20191014:*:*:pro:*:*:*", "vulnerable": true, "matchCriteriaId": "4510FB72-A61D-4998-9C7B-B368ACADC2F0"}, {"criteria": "cpe:2.3:a:rapid7:metasploit:4.17.1:20191030:*:*:pro:*:*:*", "vulnerable": true, "matchCriteriaId": "751D173E-BD8C-40DC-A033-52894F665A00"}, {"criteria": "cpe:2.3:a:rapid7:metasploit:4.17.1:20191108:*:*:pro:*:*:*", "vulnerable": true, "matchCriteriaId": "F28F93F4-EF56-4C56-A34F-3582992039F4"}, {"criteria": "cpe:2.3:a:rapid7:metasploit:4.17.1:20191209:*:*:pro:*:*:*", "vulnerable": true, "matchCriteriaId": "536EAD48-FCF6-46A0-B8C6-58CB07E6F689"}, {"criteria": "cpe:2.3:a:rapid7:metasploit:4.17.1:20200113:*:*:pro:*:*:*", "vulnerable": true, "matchCriteriaId": "6972D3C6-BBA2-4420-BF7C-F5B0B155E70E"}, {"criteria": "cpe:2.3:a:rapid7:metasploit:4.17.1:20200122:*:*:pro:*:*:*", "vulnerable": true, "matchCriteriaId": "7031F096-9223-481D-A024-6EFB55C6333D"}, {"criteria": "cpe:2.3:a:rapid7:metasploit:4.17.1:20200131:*:*:pro:*:*:*", "vulnerable": true, "matchCriteriaId": "7BF37270-5ABF-4BF0-AC39-78E36E7DFBC0"}, {"criteria": "cpe:2.3:a:rapid7:metasploit:4.17.1:20200218:*:*:pro:*:*:*", "vulnerable": true, "matchCriteriaId": "B4FC8A3F-0F5D-4E34-8E69-7CA66F3ECC10"}, {"criteria": "cpe:2.3:a:rapid7:metasploit:4.17.1:20200302:*:*:pro:*:*:*", "vulnerable": true, "matchCriteriaId": "E69CD84D-9AD9-42EE-8117-CEE86D04B6C6"}, {"criteria": "cpe:2.3:a:rapid7:metasploit:4.17.1:20200318:*:*:pro:*:*:*", "vulnerable": true, "matchCriteriaId": "E6DBB703-B54E-4E16-964A-77356540891C"}, {"criteria": "cpe:2.3:a:rapid7:metasploit:4.17.1:20200330:*:*:pro:*:*:*", "vulnerable": true, "matchCriteriaId": "BD215E6E-94E9-45CC-9E03-7458FDABFA8C"}, {"criteria": "cpe:2.3:a:rapid7:metasploit:4.17.1:20200413:*:*:pro:*:*:*", "vulnerable": true, "matchCriteriaId": "2333BC4C-CB58-4BA1-ACD2-CDC308DB7B1E"}], "operator": "OR"}]}], "sourceIdentifier": "cve@rapid7.com"}