Vulnerability Details CVE-2014-3120
The default configuration in Elasticsearch before 1.2 enables dynamic scripting, which allows remote attackers to execute arbitrary MVEL expressions and Java code via the source parameter to _search. NOTE: this only violates the vendor's intended security policy if the user does not run Elasticsearch in its own independent virtual machine.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.826
EPSS Ranking 99.2%
CVSS Severity
CVSS v3 Score 8.1
CVSS v2 Score 6.8
Proposed Action
Elasticsearch enables dynamic scripting, which allows remote attackers to execute arbitrary MVEL expressions and Java code.
Ransomware Campaign
Unknown
References
- http://bouk.co/blog/elasticsearch-rce/
- http://www.exploit-db.com/exploits/33370
- http://www.osvdb.org/106949
- http://www.rapid7.com/db/modules/exploit/multi/elasticsearch/script_mvel_rce
- http://www.securityfocus.com/bid/67731
- https://www.elastic.co/blog/logstash-1-4-3-released
- https://www.elastic.co/community/security/
- https://www.found.no/foundation/elasticsearch-security/#staying-safe-while-developing-with-elasticsearch
- http://bouk.co/blog/elasticsearch-rce/
- http://www.exploit-db.com/exploits/33370
- http://www.osvdb.org/106949
- http://www.rapid7.com/db/modules/exploit/multi/elasticsearch/script_mvel_rce
- http://www.securityfocus.com/bid/67731
- https://www.elastic.co/blog/logstash-1-4-3-released
- https://www.elastic.co/community/security/
- https://www.found.no/foundation/elasticsearch-security/#staying-safe-while-developing-with-elasticsearch
- https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2014-3120
Products affected by CVE-2014-3120
-
cpe:2.3:a:elastic:elasticsearch:0.10.0
-
cpe:2.3:a:elastic:elasticsearch:0.11.0
-
cpe:2.3:a:elastic:elasticsearch:0.12.0
-
cpe:2.3:a:elastic:elasticsearch:0.12.1
-
cpe:2.3:a:elastic:elasticsearch:0.13.0
-
cpe:2.3:a:elastic:elasticsearch:0.13.1
-
cpe:2.3:a:elastic:elasticsearch:0.14.0
-
cpe:2.3:a:elastic:elasticsearch:0.14.1
-
cpe:2.3:a:elastic:elasticsearch:0.14.2
-
cpe:2.3:a:elastic:elasticsearch:0.14.3
-
cpe:2.3:a:elastic:elasticsearch:0.14.4
-
cpe:2.3:a:elastic:elasticsearch:0.15.0
-
cpe:2.3:a:elastic:elasticsearch:0.15.1
-
cpe:2.3:a:elastic:elasticsearch:0.15.2
-
cpe:2.3:a:elastic:elasticsearch:0.16.0
-
cpe:2.3:a:elastic:elasticsearch:0.16.1
-
cpe:2.3:a:elastic:elasticsearch:0.16.2
-
cpe:2.3:a:elastic:elasticsearch:0.16.3
-
cpe:2.3:a:elastic:elasticsearch:0.16.4
-
cpe:2.3:a:elastic:elasticsearch:0.16.5
-
cpe:2.3:a:elastic:elasticsearch:0.17.0
-
cpe:2.3:a:elastic:elasticsearch:0.17.1
-
cpe:2.3:a:elastic:elasticsearch:0.17.10
-
cpe:2.3:a:elastic:elasticsearch:0.17.2
-
cpe:2.3:a:elastic:elasticsearch:0.17.3
-
cpe:2.3:a:elastic:elasticsearch:0.17.4
-
cpe:2.3:a:elastic:elasticsearch:0.17.5
-
cpe:2.3:a:elastic:elasticsearch:0.17.6
-
cpe:2.3:a:elastic:elasticsearch:0.17.7
-
cpe:2.3:a:elastic:elasticsearch:0.17.8
-
cpe:2.3:a:elastic:elasticsearch:0.17.9
-
cpe:2.3:a:elastic:elasticsearch:0.18.0
-
cpe:2.3:a:elastic:elasticsearch:0.18.1
-
cpe:2.3:a:elastic:elasticsearch:0.18.2
-
cpe:2.3:a:elastic:elasticsearch:0.18.3
-
cpe:2.3:a:elastic:elasticsearch:0.18.4
-
cpe:2.3:a:elastic:elasticsearch:0.18.5
-
cpe:2.3:a:elastic:elasticsearch:0.18.6
-
cpe:2.3:a:elastic:elasticsearch:0.18.7
-
cpe:2.3:a:elastic:elasticsearch:0.19.0
-
cpe:2.3:a:elastic:elasticsearch:0.19.1
-
cpe:2.3:a:elastic:elasticsearch:0.19.10
-
cpe:2.3:a:elastic:elasticsearch:0.19.11
-
cpe:2.3:a:elastic:elasticsearch:0.19.12
-
cpe:2.3:a:elastic:elasticsearch:0.19.2
-
cpe:2.3:a:elastic:elasticsearch:0.19.3
-
cpe:2.3:a:elastic:elasticsearch:0.19.4
-
cpe:2.3:a:elastic:elasticsearch:0.19.5
-
cpe:2.3:a:elastic:elasticsearch:0.19.6
-
cpe:2.3:a:elastic:elasticsearch:0.19.7
-
cpe:2.3:a:elastic:elasticsearch:0.19.8
-
cpe:2.3:a:elastic:elasticsearch:0.19.9
-
cpe:2.3:a:elastic:elasticsearch:0.20.0
-
cpe:2.3:a:elastic:elasticsearch:0.20.1
-
cpe:2.3:a:elastic:elasticsearch:0.20.2
-
cpe:2.3:a:elastic:elasticsearch:0.20.3
-
cpe:2.3:a:elastic:elasticsearch:0.20.4
-
cpe:2.3:a:elastic:elasticsearch:0.20.5
-
cpe:2.3:a:elastic:elasticsearch:0.20.6
-
cpe:2.3:a:elastic:elasticsearch:0.4.0
-
cpe:2.3:a:elastic:elasticsearch:0.5.0
-
cpe:2.3:a:elastic:elasticsearch:0.5.1
-
cpe:2.3:a:elastic:elasticsearch:0.6.0
-
cpe:2.3:a:elastic:elasticsearch:0.7.0
-
cpe:2.3:a:elastic:elasticsearch:0.7.1
-
cpe:2.3:a:elastic:elasticsearch:0.8.0
-
cpe:2.3:a:elastic:elasticsearch:0.9.0
-
cpe:2.3:a:elastic:elasticsearch:0.90.0
-
cpe:2.3:a:elastic:elasticsearch:0.90.1
-
cpe:2.3:a:elastic:elasticsearch:0.90.10
-
cpe:2.3:a:elastic:elasticsearch:0.90.11
-
cpe:2.3:a:elastic:elasticsearch:0.90.12
-
cpe:2.3:a:elastic:elasticsearch:0.90.13
-
cpe:2.3:a:elastic:elasticsearch:0.90.2
-
cpe:2.3:a:elastic:elasticsearch:0.90.3
-
cpe:2.3:a:elastic:elasticsearch:0.90.4
-
cpe:2.3:a:elastic:elasticsearch:0.90.5
-
cpe:2.3:a:elastic:elasticsearch:0.90.6
-
cpe:2.3:a:elastic:elasticsearch:0.90.7
-
cpe:2.3:a:elastic:elasticsearch:0.90.8
-
cpe:2.3:a:elastic:elasticsearch:0.90.9
-
cpe:2.3:a:elastic:elasticsearch:1.0.0
-
cpe:2.3:a:elastic:elasticsearch:1.0.1
-
cpe:2.3:a:elastic:elasticsearch:1.0.2
-
cpe:2.3:a:elastic:elasticsearch:1.0.3
-
cpe:2.3:a:elastic:elasticsearch:1.1.0
-
cpe:2.3:a:elastic:elasticsearch:1.1.1
-
cpe:2.3:a:elastic:elasticsearch:1.1.2