What is CVE-2020-7377?

CVE-2020-7377 is a high-severity vulnerability in Rapid7 Metasploit Framework, classified under Relative Path Traversal. CVSS score: 8.1/10. Published 2020-08-24.

How severe is CVE-2020-7377?

High severity. CVSS v3 base score is 8.1 out of 10.

Path Traversal in Rapid7 Metasploit Framework

CVE-2020-7377

The Metasploit Framework module "auxiliary/admin/http/telpho10_credential_dump" module is affected by a relative path traversal vulnerability in the untar method which can be exploited to write arbitrary files to arbitrary locations on the…

EPSS: 0.004 (61.7th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 8.1 (High). Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:H.

Affected products

Rapid7 Metasploit Framework — versions 4.12.40, 6.0.3

Weakness classification (CWE)

CWE-23 — Relative Path Traversal

References

github.com/rapid7/metasploit-framework/issues/14015 (x_refsource_CONFIRM)

Frequently asked questions

What is CVE-2020-7377?: CVE-2020-7377 is a high-severity vulnerability in Rapid7 Metasploit Framework, classified under Relative Path Traversal. CVSS score: 8.1/10. Published 2020-08-24.
How severe is CVE-2020-7377?: High severity. CVSS v3 base score is 8.1 out of 10.