CVE-2020-10589

7.8 HIGH

📋 TL;DR

CVE-2020-10589 is a local privilege escalation vulnerability in v2rayL: a low-privileged local user can gain root access by modifying a configuration file (/etc/v2rayL/config.json) whose contents are executed with root privileges when the v2rayL service restarts. This affects systems running v2rayL 2.1.3 with the vulnerable configuration (service restarted through sudo, config file writable by low-privileged users). Attackers need local access to exploit this vulnerability.

💻 Affected Systems

Products:
  • v2rayL
Versions: 2.1.3
Operating Systems: Linux
Default Config Vulnerable: ⚠️ Yes
Notes: Requires v2rayL.service to be configured to run with sudo privileges and /etc/v2rayL/config.json to be writable by low-privileged users.

📦 What is this software?

⚠️ Risk & Real-World Impact

🔴 Worst Case: Local attacker gains full root access to the system, allowing complete compromise, data theft, persistence installation, and lateral movement.

🟠 Likely Case: Local user or compromised low-privilege account escalates to root to install malware, steal sensitive data, or pivot to other systems.

🟢 If Mitigated: With proper file permissions and privilege separation, impact is limited to the low-privileged user's own access level.

🌐 Internet-Facing: LOW - Requires local access to exploit, not directly reachable from internet.
🏢 Internal Only: HIGH - Any local user or compromised account can exploit this to gain root privileges.

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: CONFIRMED
Unauthenticated Exploit: ✅ No
Complexity: LOW

Exploit scripts are publicly available and require only local user access. The vulnerability is straightforward to exploit with existing proof-of-concept code.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: v2.1.4 or later

Vendor Advisory: https://github.com/jiangxufeng/v2rayL

Restart Required: Yes

Instructions:

1. Update v2rayL to version 2.1.4 or later.
2. Stop v2rayL service.
3. Install updated package.
4. Restart v2rayL service.

🔧 Temporary Workarounds

Fix file permissions

Platform: linux

Change ownership and permissions of config.json to prevent unauthorized writes:

  sudo chown root:root /etc/v2rayL/config.json
  sudo chmod 644 /etc/v2rayL/config.json

Remove sudo privileges

Platform: linux

Modify sudoers configuration to remove v2rayL service restart privileges:

  sudo visudo
  # Remove or comment out v2rayL service restart entries

🧯 If You Can't Patch

  • Apply file permission workaround to secure /etc/v2rayL/config.json
  • Monitor for unauthorized modifications to v2rayL configuration files

🔍 How to Verify

Check if Vulnerable:

Check if /etc/v2rayL/config.json is writable by non-root users (owner is not root, or the group/other write bit is set): ls -la /etc/v2rayL/config.json

Check Version:

v2rayL --version or check package manager for installed version

Verify Fix Applied:

Verify config.json permissions: ls -la /etc/v2rayL/config.json should show root:root ownership and 644 (-rw-r--r--) permissions, i.e. no group or world write bit
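The permission and sudoers checks from the workaround and verification sections above, combined into one script. This is an added example, not code from the v2rayL project or from this advisory; the function names, the hypothetical sudoers rule shown in the comments and the remediation message are assumptions, and the path is a parameter so the checks can be run against any file.

```shell
#!/bin/sh
# Added example (not from the advisory): audit the two preconditions the advisory names,
# a world/group-writable /etc/v2rayL/config.json and a sudoers rule that lets a low-privileged
# user restart the service. Function names and messages are this example's own.

# Returns 0 when the file is owned by root and has no group/other write bit (the 644 state
# the advisory asks for), 1 when it is weaker, 2 when the file does not exist.
config_is_hardened() {
    f="$1"
    [ -f "$f" ] || { echo "missing: $f"; return 2; }
    # ls -ld prints e.g. "-rw-r--r-- 1 root root 123 Mar 1 10:00 /path"
    # field 1 = mode string, field 3 = owner, field 4 = group
    set -- $(ls -ld "$f")
    mode=$1; owner=$3; group=$4
    # in the mode string, character 6 is the group write bit and character 9 the other write bit
    gw=$(printf '%s' "$mode" | cut -c6)
    ow=$(printf '%s' "$mode" | cut -c9)
    if [ "$owner" != "root" ]; then
        echo "weak: owner is $owner, not root ($mode)"
        return 1
    fi
    if [ "$gw" = "w" ] || [ "$ow" = "w" ]; then
        echo "weak: group or world writable ($mode)"
        return 1
    fi
    echo "ok: $owner:$group $mode"
    return 0
}

# Returns 0 when an uncommented line of a sudoers-style file mentions v2rayL, which is the
# kind of entry (hypothetical form below) the workaround says to remove or comment out:
#   alice ALL=(root) NOPASSWD: /bin/systemctl restart v2rayL.service
sudoers_grants_v2rayl() {
    grep -v '^[[:space:]]*#' "$1" | grep -q 'v2rayL'
}

# Usage on a live host (requires root to read /etc/sudoers); both checks are non-destructive.
config_is_hardened /etc/v2rayL/config.json || echo "ACTION: apply the chown/chmod workaround"
if [ -r /etc/sudoers ] && sudoers_grants_v2rayl /etc/sudoers; then
    echo "ACTION: v2rayL rule present in /etc/sudoers, review with visudo"
fi
```

The mode string is read from ls -ld rather than stat so the check behaves the same on GNU and BSD userlands; an ACL marker (+) or SELinux marker (.) appended to the mode does not shift the two positions inspected.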

📡 Detection & Monitoring

Log Indicators:

  • Unauthorized modifications to /etc/v2rayL/config.json
  • Unexpected v2rayL service restarts
  • Sudo privilege escalation attempts

Network Indicators:

  • Unusual outbound connections from v2rayL process after privilege escalation

SIEM Query:

process.name='sudo' AND command_line LIKE '%v2rayL%' AND user.name NOT IN ('root', 'authorized_users')
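The SIEM query above, applied to syslog-style sudo entries on a host that has no SIEM. This is an added example, not code from the advisory; the log lines embedded in the comments and the test are constructed, and the allowlist of accounts permitted to touch the service is an assumed placeholder that stands in for 'authorized_users'.

```shell
#!/bin/sh
# Added example (not from the advisory): flag sudo invocations that mention v2rayL from
# accounts outside an allowlist, mirroring the SIEM query in the Detection section.
# ALLOWED_USERS is a placeholder assumption; replace it with the accounts that legitimately
# restart the service.
ALLOWED_USERS="root svc-v2ray"

# Reads an auth log and prints "user<TAB>command" for each matching line. Expected line shape
# (constructed sample, PID suffix optional):
#   Mar 1 10:00:00 host sudo: alice : TTY=pts/0 ; PWD=/home/alice ; USER=root ; COMMAND=/bin/systemctl restart v2rayL.service
flag_v2rayl_sudo() {
    grep 'sudo' "$1" | grep 'v2rayL' | while IFS= read -r line; do
        # invoking user sits between "sudo[pid]:" and the next ":"
        user=$(printf '%s\n' "$line" | sed -n 's/.*sudo[^:]*: *\([^ ]*\) *:.*/\1/p')
        cmd=$(printf '%s\n' "$line" | sed -n 's/.*COMMAND=\(.*\)$/\1/p')
        allowed=0
        for u in $ALLOWED_USERS; do
            [ "$u" = "$user" ] && allowed=1
        done
        if [ "$allowed" -eq 0 ]; then
            printf '%s\t%s\n' "$user" "$cmd"
        fi
    done
    return 0
}

# Usage on a Debian-style host (path is an assumption; other distributions log sudo elsewhere):
if [ -r /var/log/auth.log ]; then
    flag_v2rayl_sudo /var/log/auth.log
fi
```

Pair this with a file-integrity watch on /etc/v2rayL/config.json (for example an auditd watch rule on write and attribute changes) so that the two indicators listed above, a config modification followed by a service restart, can be correlated in time.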
