CVE-2020-7385

Name of the Vulnerable Software and Affected Versions: Metasploit Framework (affected versions not specified)

Description: The issue arises when the drb remote codeexec exploit is launched, exposing Metasploit to a deserialization issue due to its reliance on vulnerable Distributed Ruby class functions. This can lead to a system compromise on the Metasploit workstation, especially since Metasploit Framework typically runs with elevated privileges. An attacker would need to lure the Metasploit user into running the affected module against a malicious endpoint. The vulnerability is only present when the drb remote codeexec module is running, which in most cases cannot happen automatically.

Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.