Lucene search
HistoryFeb 21, 2011 - 9:00 p.m.
CVE-2011-1056
metasploit
framework
windows
installer
local
privilege escalation
cve-2011-1056
6.2 Medium
CVSS2
Attack Vector
LOCAL
Attack Complexity
HIGH
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:L/AC:H/Au:N/C:C/I:C/A:C
6.7 Medium
AI Score
Confidence
Low
0.0004 Low
EPSS
Percentile
5.1%
The installer for Metasploit Framework 3.5.1, when running on Windows, uses weak inherited permissions for the Metasploit installation directory, which allows local users to gain privileges by replacing critical files with a Trojan horse.
Affected configurations
Node
metasploitmetasploit_frameworkMatch3.5.1
microsoftwindows
| CPE | Name | Operator | Version |
|---|---|---|---|
| metasploit:metasploit_framework | metasploit metasploit framework | eq | 3.5.1 |
Related
cvelist
cvelist
CVE-2011-1056
2011-02-21 20:00:00
nvd
nvd
CVE-2011-1056
2011-02-21 21:00:00
CVE-2011-1057
2011-02-21 21:00:00
prion
prion
Design/Logic Flaw
2011-02-21 21:00:00
cve
cve
CVE-2011-1057
2011-02-21 21:00:00
openvas
openvas
Metasploit Framework Local Privilege Escalation Vulnerability
2011-02-28 00:00:00
Metasploit Framework Local Privilege Escalation Vulnerability
2011-02-28 00:00:00
6.2 Medium
CVSS2
Attack Vector
LOCAL
Attack Complexity
HIGH
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:L/AC:H/Au:N/C:C/I:C/A:C
6.7 Medium
AI Score
Confidence
Low
0.0004 Low
EPSS
Percentile
5.1%
Related for CVE-2011-1056