Attacker Value: Very High (3 users assessed)
Exploitability: Very High (3 users assessed)
User Interaction: None
Privileges Required: None
Attack Vector: Network

CVE-2020-7961

Disclosure Date: March 20, 2020

Description

Deserialization of Untrusted Data in Liferay Portal prior to 7.2.1 CE GA2 allows remote attackers to execute arbitrary code via JSON web services (JSONWS).

Technical Analysis

Quick assessment to add references:
Good write-up of the vulnerability: https://www.synacktiv.com/posts/pentest/how-to-exploit-liferay-cve-2020-7961-quick-journey-to-poc.html
Working PoC: https://github.com/mzer0one/CVE-2020-7961-POC

There is not much to add here because Synacktiv already explained what’s interesting: a pre-auth RCE in a framework that is commonly used in enterprises and is Internet-facing. A framework NOT updated on a regular basis.

Plus, based on my very own experience, Liferay/Tomcat on Windows mostly lets you land as SYSTEM. With an install base, according to Shodan, of more than half on Windows, this is a very interesting vuln to exploit.

Technical Analysis

Google dork:- inurl:/api/jsonws

Shodan:- Powered+By+Liferay

publicwww:- https://publicwww.com/websites/Powered+By+Liferay/

POC:-
https://github.com/mzer0one/CVE-2020-7961-POC
