CVE-2014-3120

CVSS 8.1 HIGH · EPSS 88.6% · KEV · CWE-284
In short

Elasticsearch before version 1.2 allows attackers to run arbitrary code on the server through search requests because dynamic scripting is enabled by default. This is a serious vulnerability if Elasticsearch is not isolated on its own machine.

Technical detail

CVE-2014-3120 arises because dynamic scripting is enabled by default in Elasticsearch <1.2, allowing unauthenticated remote code execution via MVEL expressions in the source parameter of the _search API. Exploitation requires network access to the Elasticsearch service; impact includes complete system compromise. The vendor treats this as a vulnerability only when Elasticsearch runs in a shared environment without proper isolation.

Summary generated and translated by AI from the official description.
The default configuration in Elasticsearch before 1.2 enables dynamic scripting, which allows remote attackers to execute arbitrary MVEL expressions and Java code via the source parameter to _search. NOTE: this only violates the vendor's intended security policy if the user does not run Elasticsearch in its own independent virtual machine.
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
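
An added example, not part of the original advisory and not Elasticsearch's own code: a small audit that decides, from a node's version and its elasticsearch.yml, whether it is in the default state described above. The setting name script.disable_dynamic is the Elasticsearch 1.x option and does not appear on this page; the function names are hypothetical, and the sample configs are constructed and assume flat dotted keys.

```python
import re

# Constructed elasticsearch.yml samples (flat dotted keys assumed, not from a real host).
DEFAULT_YML = "cluster.name: demo\n# script.disable_dynamic: true\n"
HARDENED_YML = ("cluster.name: demo\n"
                "script.disable_dynamic: true\n"
                "network.host: 127.0.0.1\n")

LOOPBACK = {"127.0.0.1", "localhost", "::1", "_local_"}


def parse_flat_yml(text):
    """Parse flat 'key: value' lines; commented-out settings are ignored."""
    settings = {}
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        if ":" in line:
            key, value = line.split(":", 1)
            settings[key.strip()] = value.strip().strip("'\"")
    return settings


def version_tuple(version):
    """'1.1.1' -> (1, 1, 1) so versions compare numerically, not as strings."""
    return tuple(int(p) for p in re.findall(r"\d+", version)[:3])


def audit_node(version, yml_text):
    """Report whether a node matches the CVE-2014-3120 default condition."""
    settings = parse_flat_yml(yml_text)
    in_range = version_tuple(version) < (1, 2)
    explicit = settings.get("script.disable_dynamic")
    if explicit is None:
        dynamic = in_range  # default: enabled before 1.2, disabled from 1.2
    else:
        dynamic = explicit.lower() != "true"  # conservative: only 'true' counts as off
    # A missing network.host is treated as not loopback-only
    # (pre-2.0 nodes do not bind to localhost by default).
    loopback_only = settings.get("network.host", "") in LOOPBACK
    findings = []
    if dynamic:
        findings.append("dynamic scripting enabled: set script.disable_dynamic: true"
                        " or upgrade to 1.2 or later")
    if dynamic and not loopback_only:
        findings.append("API not restricted to loopback: isolate or firewall the node")
    return {"affected_version": in_range, "dynamic_scripting": dynamic,
            "loopback_only": loopback_only, "findings": findings}
```
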
Affected products
n/a · n/a