CISA KEV 정보
| 취약점명 | Elasticsearch Remote Code Execution Vulnerability |
|---|---|
| 설명 | Elasticsearch enables dynamic scripting, which allows remote attackers to execute arbitrary MVEL expressions and Java code. |
| 조치사항 | Apply updates per vendor instructions. |
| 랜섬웨어 캠페인 악용 | Unknown |
| CWE | CWE-284 |
| 등록일 (KEV) | 2022-03-25 |
| 조치 기한 | 2022-04-15 |
| 추가 참고 | https://nvd.nist.gov/vuln/detail/CVE-2014-3120 |
NVD 상세 정보
CVSS v3.1: 8.1 HIGH
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:NCVSS v2.0: 6.8
AV:N/AC:M/Au:N/C:P/I:P/A:P설명: The default configuration in Elasticsearch before 1.2 enables dynamic scripting, which allows remote attackers to execute arbitrary MVEL expressions and Java code via the source parameter to _search. NOTE: this only violates the vendor's intended security policy if the user does not run Elasticsearch in its own independent virtual machine.
CWE: CWE-284 | CWE-284
참조
- http://bouk.co/blog/elasticsearch-rce/ [Exploit]
- http://www.exploit-db.com/exploits/33370 [Exploit]
- http://www.osvdb.org/106949 [Broken Link]
- http://www.rapid7.com/db/modules/exploit/multi/elasticsearch/script_mvel_rce [Exploit, Third Party Advisory]
- http://www.securityfocus.com/bid/67731 [Exploit]
- https://www.elastic.co/blog/logstash-1-4-3-released [Vendor Advisory]
- https://www.elastic.co/community/security/ [Vendor Advisory]
- https://www.found.no/foundation/elasticsearch-security/#staying-safe-while-developing-with-elasticsearch [Exploit]
- http://bouk.co/blog/elasticsearch-rce/ [Exploit]
- http://www.exploit-db.com/exploits/33370 [Exploit]
- http://www.osvdb.org/106949 [Broken Link]
- http://www.rapid7.com/db/modules/exploit/multi/elasticsearch/script_mvel_rce [Exploit, Third Party Advisory]
- http://www.securityfocus.com/bid/67731 [Exploit]
- https://www.elastic.co/blog/logstash-1-4-3-released [Vendor Advisory]
- https://www.elastic.co/community/security/ [Vendor Advisory]
- ... 외 2건
This product uses the NVD API but is not endorsed or certified by the NVD.