CVE-2020-11108

{"id": "CVE-2020-11108", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 9.0, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C", "authentication": "SINGLE", "integrityImpact": "COMPLETE", "accessComplexity": "LOW", "availabilityImpact": "COMPLETE", "confidentialityImpact": "COMPLETE"}, "acInsufInfo": false, "impactScore": 10.0, "baseSeverity": "HIGH", "obtainAllPrivilege": false, "exploitabilityScore": 8.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 8.8, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 2.8}]}, "published": "2020-05-11T15:15:11.353", "references": [{"url": "http://packetstormsecurity.com/files/157623/Pi-hole-4.4-Remote-Code-Execution.html", "tags": ["Exploit", "Third Party Advisory", "VDB Entry"], "source": "cve@mitre.org"}, {"url": "http://packetstormsecurity.com/files/157624/Pi-hole-4.4-Remote-Code-Execution-Privilege-Escalation.html", "tags": ["Exploit", "Third Party Advisory", "VDB Entry"], "source": "cve@mitre.org"}, {"url": "http://packetstormsecurity.com/files/157748/Pi-Hole-heisenbergCompensator-Blocklist-OS-Command-Execution.html", "source": "cve@mitre.org"}, {"url": "http://packetstormsecurity.com/files/157839/Pi-hole-4.4.0-Remote-Code-Execution.html", "source": "cve@mitre.org"}, {"url": "https://frichetten.com/blog/cve-2020-11108-pihole-rce/", "tags": ["Exploit", "Third Party Advisory"], "source": "cve@mitre.org"}, {"url": "https://github.com/Frichetten/CVE-2020-11108-PoC", "tags": ["Exploit", "Third Party Advisory"], "source": "cve@mitre.org"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-434"}]}], "descriptions": [{"lang": "en", "value": "The Gravity updater in Pi-hole through 4.4 allows an authenticated adversary to upload arbitrary files. This can be abused for Remote Code Execution by writing to a PHP file in the web directory. (Also, it can be used in conjunction with the sudo rule for the www-data user to escalate privileges to root.) The code error is in gravity_DownloadBlocklistFromUrl in gravity.sh."}, {"lang": "es", "value": "El actualizador de Gravity en Pi-hole versiones hasta 4.4, permite a un adversario autenticado cargar archivos arbitrarios. Esto puede ser abusado para una Ejecuci\u00f3n de C\u00f3digo Remota al escribir en un archivo PHP en el directorio web. (Adem\u00e1s, puede ser usado en conjunto con la regla de sudo para el usuario de www-data para escalar privilegios a root). El error de c\u00f3digo est\u00e1 en la funci\u00f3n gravity_DownloadBlocklistFromUrl en el archivo gravity.sh."}], "lastModified": "2020-05-27T18:15:12.877", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:pi-hole:pi-hole:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "EADFA361-BFFB-418B-B63B-8E9633AD6EC1", "versionEndIncluding": "4.4"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}