CVE-2020-11108
CVE-2020-11108
Vexday Risk Score
62High priority
SSVC decision (CISA)
Attend
PoC available → attend closely
Exploit maturity
Functional exploit
Popular PoC on GitHub (27 stars) — exploitation code widely available.
CVSS —EPSS 78.3%KEV nãoPoC públicaNuclei —Metasploit simPatch —
Lifecycle
04 Apr 2020Public PoC
10 May 2020Metasploit module available
11 May 2020Published on NVD
Recommendation: Plan a near-term fix — a public PoC already exists.
The Gravity updater in Pi-hole through 4.4 allows an authenticated adversary to upload arbitrary files. This can be abused for Remote Code Execution by writing to a PHP file in the web directory. (Also, it can be used in conjunction with the sudo rule for the www-data user to escalate privileges to root.) The code error is in gravity_DownloadBlocklistFromUrl in gravity.sh.
Affected products
n/a · n/apublic PoCs found — 9
githubgithub.com/Frichetten/CVE-2020-11108-PoC★ 27cve_referencepacketstormsecurity.com/files/157624/Pi-hole-4.4-Remote-Code-Execution-Privilege-Escalation.htmlunverifiedcve_referencepacketstormsecurity.com/files/157748/Pi-Hole-heisenbergCompensator-Blocklist-OS-Command-Execution.htmlunverifiedcve_referencepacketstormsecurity.com/files/157839/Pi-hole-4.4.0-Remote-Code-Execution.htmlunverifiedexploitdbwww.exploit-db.com/exploits/48519unverifiedexploitdbwww.exploit-db.com/exploits/48442unverifiedexploitdbwww.exploit-db.com/exploits/48443unverifiedcve_referencepacketstormsecurity.com/files/157623/Pi-hole-4.4-Remote-Code-Execution.htmlunverifiedexploitdbwww.exploit-db.com/exploits/48491unverified⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.
References
http://packetstormsecurity.com/files/157623/Pi-hole-4.4-Remote-Code-Execution.htmlhttp://packetstormsecurity.com/files/157624/Pi-hole-4.4-Remote-Code-Execution-Privilege-Escalation.htmlhttp://packetstormsecurity.com/files/157748/Pi-Hole-heisenbergCompensator-Blocklist-OS-Command-Execution.htmlhttp://packetstormsecurity.com/files/157839/Pi-hole-4.4.0-Remote-Code-Execution.htmlhttps://frichetten.com/blog/cve-2020-11108-pihole-rce/https://github.com/Frichetten/CVE-2020-11108-PoC