CISA Known Exploited Vulnerability
This vulnerability is actively exploited in the wild and listed in the CISA Known Exploited Vulnerabilities catalog.
Remediation Deadline: May 3, 2022
Description
Drupal Core contains a remote code execution vulnerability that could allow an attacker to exploit multiple attack vectors on a Drupal site, resulting in complete site compromise.
CVSS Score
9.8/ 10
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HEPSS — Exploit Probability
94.5%
Higher than 100.0% of all CVEs
Weakness Classification (CWE)
Known Exploits
POChttp://www.securityfocus.com/bid/103534Broken Linkhttp://www.securitytracker.com/id/1040598Broken Linkhttps://badpackets.net/over-100000-drupal-websites-vulnerable-to-drupalgeddon-2-cve-2018-7600/Broken Linkhttps://blog.appsecco.com/remote-code-execution-with-drupal-core-sa-core-2018-002-95e6ecc0c714Third Party Advisoryhttps://github.com/a2u/CVE-2018-7600Third Party Advisoryhttps://github.com/g0rx/CVE-2018-7600-Drupal-RCEPatchhttps://greysec.net/showthread.php?tid=2912&pid=10561Broken Linkhttps://lists.debian.org/debian-lts-announce/2018/03/msg00028.htmlThird Party Advisoryhttps://research.checkpoint.com/uncovering-drupalgeddon-2/Exploithttps://twitter.com/RicterZ/status/979567469726613504Broken Linkhttps://twitter.com/RicterZ/status/984495201354854401Broken Linkhttps://twitter.com/arancaytar/status/979090719003627521Third Party Advisoryhttps://www.debian.org/security/2018/dsa-4156Third Party Advisoryhttps://www.exploit-db.com/exploits/44448/Exploithttps://www.exploit-db.com/exploits/44449/Exploithttps://www.exploit-db.com/exploits/44482/Exploithttps://www.synology.com/support/security/Synology_SA_18_17Third Party Advisoryhttps://www.tenable.com/blog/critical-drupal-core-vulnerability-what-you-need-to-knowThird Party Advisoryhttp://www.securityfocus.com/bid/103534Broken Linkhttp://www.securitytracker.com/id/1040598Broken Linkhttps://badpackets.net/over-100000-drupal-websites-vulnerable-to-drupalgeddon-2-cve-2018-7600/Broken Linkhttps://blog.appsecco.com/remote-code-execution-with-drupal-core-sa-core-2018-002-95e6ecc0c714Third Party Advisoryhttps://github.com/a2u/CVE-2018-7600Third Party Advisoryhttps://github.com/g0rx/CVE-2018-7600-Drupal-RCEPatchhttps://greysec.net/showthread.php?tid=2912&pid=10561Broken Linkhttps://lists.debian.org/debian-lts-announce/2018/03/msg00028.htmlThird Party Advisoryhttps://research.checkpoint.com/uncovering-drupalgeddon-2/Exploithttps://twitter.com/RicterZ/status/979567469726613504Broken Linkhttps://twitter.com/RicterZ/status/984495201354854401Broken Linkhttps://twitter.com/arancaytar/status/979090719003627521Third Party Advisoryhttps://www.debian.org/security/2018/dsa-4156Third Party Advisoryhttps://www.exploit-db.com/exploits/44448/Exploithttps://www.exploit-db.com/exploits/44449/Exploithttps://www.exploit-db.com/exploits/44482/Exploithttps://www.synology.com/support/security/Synology_SA_18_17Third Party Advisoryhttps://www.tenable.com/blog/critical-drupal-core-vulnerability-what-you-need-to-knowThird Party Advisory
Required Action
https://nvd.nist.gov/vuln/detail/CVE-2018-7600
Risk Assessment
CRITICALIn CISA KEV
Known exploit
Critical CVSS
High EPSS
Ransomware
Details
- Severity
- High
- CVSS
- 9.8
- EPSS
- 94.5%
- CWE
- CWE-20
- Exploit
- POC
- CISA KEV
- Yes
- Ransomware
- Known
- Articles
- 0
Timeline
Published
Nov 3, 2021
Added to KEV
Nov 3, 2021
Remediation Due
May 3, 2022