CVE-2020-7358 - OpenCVE

In AppSpider installer versions prior to 7.2.126, the AppSpider installer calls an executable which can be placed in the appropriate directory by an attacker with access to the local machine. This would prevent the installer from distinguishing between a valid executable called during an installation and any arbitrary code executable using the same file name.

Attack Vector Local

Attack Complexity Low

Privileges Required High

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction Required

No CVSS v3.0

Access Vector Local

Access Complexity Medium

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

AV:L/AC:M/Au:N/C:P/I:P/A:P

Vendors & Products
CPE Configurations

Vendors	Products
Rapid7	Appspider

Configuration 1 [-]

cpe:2.3:a:rapid7:appspider:*:*:*:*:-:-:*:*

References

Link	Resource
https://help.rapid7.com/appspider/release-notes/index.html?pid=7.2.126	Release Notes Vendor Advisory

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: rapid7

Published: 2020-09-18T14:55:12

Updated: 2020-09-18T14:55:12

Reserved: 2020-01-21T00:00:00

Link: CVE-2020-7358

JSON object: View

NVD Information

Status : Analyzed

Published: 2020-09-18T15:15:13.827

Modified: 2020-09-28T18:36:41.360

Link: CVE-2020-7358

JSON object: View

Redhat Information

No data.

CWE

CWE-427

{"containers": {"cna": {"affected": [{"product": "AppSpider ", "vendor": "Rapid7", "versions": [{"lessThan": "7.2.126", "status": "affected", "version": "unspecified", "versionType": "custom"}]}], "credits": [{"lang": "en", "value": "This issue was discovered and reported by Mishra Dhiraj. "}], "descriptions": [{"lang": "en", "value": "In AppSpider installer versions prior to 7.2.126, the AppSpider installer calls an executable which can be placed in the appropriate directory by an attacker with access to the local machine. This would prevent the installer from distinguishing between a valid executable called during an installation and any arbitrary code executable using the same file name."}], "metrics": [{"cvssV3_1": {"attackComplexity": "HIGH", "attackVector": "LOCAL", "availabilityImpact": "LOW", "baseScore": 5.8, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:L", "version": "3.1"}}], "problemTypes": [{"descriptions": [{"cweId": "CWE-427", "description": "CWE-427 Uncontrolled Search Path Element", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"dateUpdated": "2020-09-18T14:55:12", "orgId": "9974b330-7714-4307-a722-5648477acda7", "shortName": "rapid7"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://help.rapid7.com/appspider/release-notes/index.html?pid=7.2.126"}], "source": {"discovery": "EXTERNAL"}, "title": "Code Injection in Rapid7 AppSpider Pro Installer", "x_generator": {"engine": "Vulnogram 0.0.9"}, "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@rapid7.com", "ID": "CVE-2020-7358", "STATE": "PUBLIC", "TITLE": "Code Injection in Rapid7 AppSpider Pro Installer"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "AppSpider ", "version": {"version_data": [{"version_affected": "<", "version_value": "7.2.126"}]}}]}, "vendor_name": "Rapid7"}]}}, "credit": [{"lang": "eng", "value": "This issue was discovered and reported by Mishra Dhiraj. "}], "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "In AppSpider installer versions prior to 7.2.126, the AppSpider installer calls an executable which can be placed in the appropriate directory by an attacker with access to the local machine. This would prevent the installer from distinguishing between a valid executable called during an installation and any arbitrary code executable using the same file name."}]}, "generator": {"engine": "Vulnogram 0.0.9"}, "impact": {"cvss": {"attackComplexity": "HIGH", "attackVector": "LOCAL", "availabilityImpact": "LOW", "baseScore": 5.8, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:L", "version": "3.1"}}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "CWE-427 Uncontrolled Search Path Element"}]}]}, "references": {"reference_data": [{"name": "https://help.rapid7.com/appspider/release-notes/index.html?pid=7.2.126", "refsource": "MISC", "url": "https://help.rapid7.com/appspider/release-notes/index.html?pid=7.2.126"}]}, "source": {"discovery": "EXTERNAL"}}}}, "cveMetadata": {"assignerOrgId": "9974b330-7714-4307-a722-5648477acda7", "assignerShortName": "rapid7", "cveId": "CVE-2020-7358", "datePublished": "2020-09-18T14:55:12", "dateReserved": "2020-01-21T00:00:00", "dateUpdated": "2020-09-18T14:55:12", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:rapid7:appspider:*:*:*:*:-:-:*:*", "matchCriteriaId": "F57BA91D-428B-4D02-9580-C80B0F1FB77C", "versionEndExcluding": "7.2.126", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "In AppSpider installer versions prior to 7.2.126, the AppSpider installer calls an executable which can be placed in the appropriate directory by an attacker with access to the local machine. This would prevent the installer from distinguishing between a valid executable called during an installation and any arbitrary code executable using the same file name."}, {"lang": "es", "value": "En el instalador AppSpider versiones anteriores a 7.2.126, el instalador AppSpider llama a un ejecutable que puede ser colocado en el directorio apropiado por un atacante con acceso a la m\u00e1quina local. Esto impedir\u00eda que el instalador distinga entre un ejecutable v\u00e1lido llamado durante una instalaci\u00f3n y cualquier ejecutable de c\u00f3digo arbitrario usando el mismo nombre de archivo"}], "id": "CVE-2020-7358", "lastModified": "2020-09-28T18:36:41.360", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 4.4, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:L/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 3.4, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 0.6, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}, {"cvssData": {"attackComplexity": "HIGH", "attackVector": "LOCAL", "availabilityImpact": "LOW", "baseScore": 5.8, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:L", "version": "3.1"}, "exploitabilityScore": 0.3, "impactScore": 5.5, "source": "cve@rapid7.com", "type": "Secondary"}]}, "published": "2020-09-18T15:15:13.827", "references": [{"source": "cve@rapid7.com", "tags": ["Release Notes", "Vendor Advisory"], "url": "https://help.rapid7.com/appspider/release-notes/index.html?pid=7.2.126"}], "sourceIdentifier": "cve@rapid7.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-427"}], "source": "nvd@nist.gov", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-427"}], "source": "cve@rapid7.com", "type": "Secondary"}]}