8.1

CVSS Score

3.1

Basic Information

CVE ID

CVE-2020-7385

GHSA ID

GHSA-xgww-h98f-24qf

EPSS Score

0.67948%

CWE

CWE-502

Published

5/24/2022

Updated

5/5/2023

KEV Status

Technology

Ruby

Concerned about an active attack path?

Talk to our security experts and see Miggo in action.

Miggo Vulnerability Database

→

CVE-2020-7385

CVE-2020-7385:
Metasploit Framework user exposes Metasploit to same deserialization issue that is exploited by that module

By launching the drb_remote_codeexec exploit, a Metasploit Framework user will inadvertently expose Metasploit to the same deserialization issue that is exploited by that module, due to the reliance on the vulnerable Distributed Ruby class functions. Since Metasploit Framework typically runs with elevated privileges, this can lead to a system compromise on the Metasploit workstation. Note that an attacker would have to lie in wait and entice the Metasploit user to run the affected module against a malicious endpoint in a "hack-back" type of attack. Metasploit is only vulnerable when the drb_remote_codeexec module is running. In most cases, this cannot happen automatically.

(GitHub Advisory)

8.1

CVSS Score

3.1

Basic Information

CVE ID

CVE-2020-7385

GHSA ID

GHSA-xgww-h98f-24qf

EPSS Score

0.67948%

CWE

CWE-502

Published

5/24/2022

Updated

5/5/2023

KEV Status

Technology

Ruby

Technical Details

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N

Package Name	Ecosystem	Vulnerable Versions	First Patched Version
metasploit-framework	rubygems	< 4.19.0	4.19.0

Vulnerability Intelligence
Miggo AI

Root Cause Analysis

The vulnerability stems from the drb_remote_codeexec module's use of DRb.start_service, which creates an insecure DRb server. The GitHub PR #14300 explicitly removed this service initialization (commit 49145bf) to mitigate the risk. The CWE-502 (Deserialization of Untrusted Data) aligns with DRb's known insecure deserialization behavior. The module's removal in PR #14335 further confirms the inherent vulnerability in its DRb implementation.

Vulnerable functions

Only Mi**o us*rs **n s** t*is s**tion

WAF Protection Rules

WAF Rule

*y l*un**in* t** *r*_r*mot*_*o***x** *xploit, * M*t*sploit *r*m*work us*r will in**v*rt*ntly *xpos* M*t*sploit to t** s*m* **s*ri*liz*tion issu* t**t is *xploit** *y t**t mo*ul*, *u* to t** r*li*n** on t** vuln*r**l* *istri*ut** Ru*y *l*ss *un*tions.

Reasoning

T** vuln*r**ility st*ms *rom t** *r*_r*mot*_*o***x** mo*ul*'s us* o* *R*.st*rt_s*rvi**, w*i** *r**t*s *n ins**ur* *R* s*rv*r. T** *it*u* PR #***** *xpli*itly r*mov** t*is s*rvi** initi*liz*tion (*ommit *******) to miti**t* t** risk. T** *W*-*** (**s*

8.1

Basic Information

Concerned about an active attack path?

CVE-2020-7385: Metasploit Framework user exposes Metasploit to same deserialization issue that is exploited by that module

8.1

Basic Information

Technical Details

Vulnerability IntelligenceMiggo AI

Root Cause Analysis

Vulnerable functions

WAF Protection Rules

WAF Rule

Reasoning

CVE-2020-7385:
Metasploit Framework user exposes Metasploit to same deserialization issue that is exploited by that module

Vulnerability Intelligence
Miggo AI