CVE-2024-50636

Improper Control of Generation of Code ('Code Injection') (CWE-94)

Published: Nov 11, 2024 / Updated: 8d ago

CVSS 9.8 / EPSS 0.05% / Critical

Summary

PyMOL 2.5.0 contains a vulnerability in its "Run Script" function, which allows the execution of arbitrary Python code embedded within .PYM files. This vulnerability arises because PyMOL treats .PYM files as Python scripts without properly validating or restricting the commands within the script, enabling attackers to run unauthorized commands in the context of the user running the application.

Impact

Attackers can craft a malicious .PYM file containing a Python reverse shell payload and exploit the function to achieve Remote Command Execution (RCE). This can lead to unauthorized access, data theft, system compromise, and potential lateral movement within the network. The vulnerability has a CVSS v3.1 base score of 9.8 (Critical), indicating severe potential consequences. The impact on confidentiality, integrity, and availability is rated as HIGH, meaning the attacker can fully compromise the system's confidentiality, alter any files on the target, and render the system completely unavailable.

Exploitation

There is no evidence that a public proof-of-concept exists, and no evidence of exploitation at the moment.

Patch

The information available does not mention a patch for this vulnerability in PyMOL 2.5.0.

Mitigation

Until a patch is available, consider the following mitigation strategies:

1. Restrict the use of PyMOL 2.5.0 in your environment, especially on critical systems.
2. Implement strict access controls for .PYM files and limit their execution to trusted sources only.
3. Use application whitelisting to prevent unauthorized execution of Python scripts.
4. Educate users about the risks of opening untrusted .PYM files.
5. Monitor systems running PyMOL for suspicious activities, especially unexpected network connections or process executions.
6. If possible, consider using an earlier version of PyMOL that is not affected by this vulnerability, while weighing the risks of using an older version against this specific threat.
7. Implement network segmentation to limit the potential impact of a compromised system.
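A pre-open triage check that supports mitigations 2 and 5, as an added example (not part of the original advisory or of PyMOL): it parses a .pym file as Python without executing it and flags imports and builtins that a visualisation script rarely needs. The function name, the module list and the sample scripts are assumptions constructed for illustration.

```python
import ast

# Modules and builtins that a molecular-visualisation script rarely needs.
# This list is an assumption for illustration; tune it for your environment.
RISKY_MODULES = {"socket", "subprocess", "os", "pty", "ctypes", "shutil",
                 "urllib", "http", "requests", "base64", "marshal", "pickle"}
RISKY_BUILTINS = {"exec", "eval", "compile", "__import__"}


def triage_pym(source: str) -> list[str]:
    """Return findings for one .pym script (empty list = nothing flagged)."""
    try:
        tree = ast.parse(source)  # parse only, the script is never executed
    except SyntaxError as exc:
        # Unparseable input is not proof of safety: hold it for manual review.
        return [f"line {exc.lineno}: does not parse as Python, review manually"]
    findings = []
    for node in ast.walk(tree):
        if isinstance(node, ast.Import):
            names = [alias.name for alias in node.names]
        elif isinstance(node, ast.ImportFrom):
            names = [node.module or ""]
        else:
            names = []
        for name in names:
            if name.split(".")[0] in RISKY_MODULES:
                findings.append(f"line {node.lineno}: imports {name}")
        if (isinstance(node, ast.Call) and isinstance(node.func, ast.Name)
                and node.func.id in RISKY_BUILTINS):
            findings.append(f"line {node.lineno}: calls {node.func.id}()")
    # Stable sort by line number so reviewers read findings top to bottom.
    return sorted(findings, key=lambda f: int(f.split(":")[0].split()[1]))


# Constructed samples, not taken from any real file.
BENIGN = "from pymol import cmd\ncmd.fetch('1ubq')\ncmd.show('cartoon')\n"
SUSPICIOUS = ("import socket\nfrom os import environ\n"
              "exec(compile('pass', 'x', 'exec'))\n")

if __name__ == "__main__":
    for label, text in (("benign", BENIGN), ("suspicious", SUSPICIOUS)):
        print(label, triage_pym(text) or "nothing flagged")
```

A static check like this is triage only: obfuscated code can evade it, so an empty result does not make a file from an untrusted source safe to run.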

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Timeline

CVE Assignment: NVD published the first details for CVE-2024-50636. (Nov 11, 2024 at 11:15 PM)

First Article: Feedly found the first article mentioning CVE-2024-50636. (Nov 11, 2024 at 11:22 PM / Vulners.com RSS Feed)

CVSS Estimate: Feedly estimated the CVSS score as HIGH. (Nov 11, 2024 at 11:22 PM)

EPSS: EPSS Score was set to: 0.05% (Percentile: 16.8%). (Nov 12, 2024 at 9:54 AM)

CVSS: A CVSS base score of 9.8 has been assigned. (Nov 19, 2024 at 7:40 PM / nvd)

Attack Patterns

CAPEC-242: Code Injection

News

cveNotify: 🚨 CVE-2024-50636 PyMOL 2.5.0 contains a vulnerability in its "Run Script" function, which allows the execution of arbitrary Python code embedded within .PYM files. Attackers can craft a malicious .PYM file containing a Python reverse shell payload and exploit the function to achieve Remote Command Execution (RCE). This vulnerability arises because PyMOL treats .PYM files as Python scripts without properly validating or restricting the commands within the script, enabling attackers to run unauthorized commands in the context of the user running the application. 🎖 @cveNotify
CVE-2024-50636
Critical Severity Description PyMOL 2.5.0 contains a vulnerability in its "Run Script" function, which allows the execution of arbitrary Python code embedded within .PYM files. Attackers can craft a malicious .PYM file containing a Python reverse shell payload and exploit the function to achieve Remote Command Execution (RCE). This vulnerability arises because PyMOL treats .PYM files as Python scripts without properly validating or restricting the commands within the script, enabling attackers to run unauthorized commands in the context of the user running the application. Read more at https://www.tenable.com/cve/CVE-2024-50636
NA - CVE-2024-50636 - PyMOL 2.5.0 contains a vulnerability in its...
PyMOL 2.5.0 contains a vulnerability in its "Run Script" function, which allows the execution of arbitrary Python code embedded within .PYM files. Attackers can craft a malicious .PYM file...
CVE-2024-50636
PyMOL 2.5.0 contains a vulnerability in its "Run Script" function, which allows the execution of arbitrary Python code embedded within .PYM files. Attackers can craft a malicious .PYM file containing a Python reverse shell payload and exploit the function to achieve Remote Command Execution (RCE).
CVE-2024-50636 | PyMOL 2.5.0 PYM File improper authorization (Issue 405)
A vulnerability was found in PyMOL 2.5.0. It has been declared as critical. This vulnerability affects unknown code of the component PYM File Handler. The manipulation leads to improper authorization. This vulnerability was named CVE-2024-50636. The attack can be initiated remotely. There is no exploit available.

CVSS V3.1

Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Unchanged
Confidentiality: High
Integrity: High
Availability Impact: High
