← back
CVE-2020-5419

RabbitMQ arbitrary code execution using local binary planting

CVSS 6.7 MEDIUMEPSS 0.5%CWE-427
Vexday Risk Score
13Low
SSVC decision (CISA)
Track
No exploitation signal → monitor
CVSS 6.7EPSS 0.5%KEV nãoPoC Nuclei Metasploit Patch
Lifecycle
31 Aug 2020Published on NVD
Recommendation: Monitor — no exploitation signal at the moment.
RabbitMQ versions 3.8.x prior to 3.8.7 are prone to a Windows-specific binary planting security vulnerability that allows for arbitrary code execution. An attacker with write privileges to the RabbitMQ installation directory and local access on Windows could carry out a local binary hijacking (planting) attack and execute arbitrary code.
CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Affected products
VMware Tanzu · RabbitMQ

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
https://tanzu.vmware.com/security/cve-2020-5419