CVE-2024-50636

PyMOL 2.5.0 contains a vulnerability in its "Run Script" function, which allows the execution of arbitrary Python code embedded within .PYM files. Attackers can craft a malicious .PYM file containing a Python reverse shell payload and exploit the function to achieve Remote Command Execution (RCE). This vulnerability arises because PyMOL treats .PYM files as Python scripts without properly validating or restricting the commands within the script, enabling attackers to run unauthorized commands in the context of the user running the application.

CVSS v3 9.8 CRITICAL

9.8^/10

CVSS v3 : CRITICAL

Vector :

Exploitability : 3.9 / Impact : 5.9

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
https://github.com/schrodinger/pymol-open-source/issues/405
https://github.com/yamerooo123/CVE/blob/main/CVE-2024-50636/Description.md
https://youtu.be/SWnN_a1tUNc

Configurations

No configuration.

History

No history.

Information

Published : 2024-11-11 23:15

Updated : 2024-11-19 19:35

NVD link : CVE-2024-50636

Mitre link : CVE-2024-50636

CVE.ORG link : CVE-2024-50636

JSON object : View

Products Affected

No product.

CWE

CWE-94

Improper Control of Generation of Code ('Code Injection')

{"id": "CVE-2024-50636", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 9.8, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 3.9}]}, "published": "2024-11-11T23:15:05.833", "references": [{"url": "https://github.com/schrodinger/pymol-open-source/issues/405", "source": "cve@mitre.org"}, {"url": "https://github.com/yamerooo123/CVE/blob/main/CVE-2024-50636/Description.md", "source": "cve@mitre.org"}, {"url": "https://youtu.be/SWnN_a1tUNc", "source": "cve@mitre.org"}], "vulnStatus": "Awaiting Analysis", "weaknesses": [{"type": "Secondary", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "description": [{"lang": "en", "value": "CWE-94"}]}], "descriptions": [{"lang": "en", "value": "PyMOL 2.5.0 contains a vulnerability in its \"Run Script\" function, which allows the execution of arbitrary Python code embedded within .PYM files. Attackers can craft a malicious .PYM file containing a Python reverse shell payload and exploit the function to achieve Remote Command Execution (RCE). This vulnerability arises because PyMOL treats .PYM files as Python scripts without properly validating or restricting the commands within the script, enabling attackers to run unauthorized commands in the context of the user running the application."}, {"lang": "es", "value": "PyMOL 2.5.0 contiene una vulnerabilidad en su funci\u00f3n \"Run Script\", que permite la ejecuci\u00f3n de c\u00f3digo Python arbitrario incrustado en archivos .PYM. Los atacantes pueden manipular un archivo .PYM malicioso que contenga un payload de shell inversa de Python y explotar la funci\u00f3n para lograr la ejecuci\u00f3n remota de comandos (RCE). Esta vulnerabilidad surge porque PyMOL trata los archivos .PYM como scripts de Python sin validar o restringir adecuadamente los comandos dentro del script, lo que permite a los atacantes ejecutar comandos no autorizados en el contexto del usuario que ejecuta la aplicaci\u00f3n."}], "lastModified": "2024-11-19T19:35:14.833", "sourceIdentifier": "cve@mitre.org"}