KEVIntel
CVSS 8.1 High

CVE-2014-3120

PUBLISHED

Exploited in the wild · Remote · Low complexity · No user interaction
Vendor: Elastic
Product: Elasticsearch
Published: Jul 28, 2014
EPSS

Description

The default configuration in Elasticsearch before 1.2 enables dynamic scripting, which allows remote attackers to execute arbitrary MVEL expressions and Java code via the source parameter to _search. NOTE: this only violates the vendor's intended security policy if the user does not run Elasticsearch in its own independent virtual machine.

elasticsearch java cisa nuclei_scanner metasploit

CVSS scores

CVSS v3.1 8.1 High

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N

CVSS v2.0 6.8

AV:N/AC:M/Au:N/C:P/I:P/A:P

Exploitation status

Exploited in the wild

Recorded 2022-03-25 00:00:00 UTC · Source

SSVC decision points

Exploitation: active
Automatable: No
Technical impact: partial

Known exploited vulnerability sources

Catalogues that list this CVE as a known exploited vulnerability.

Source Added
CISA Mar 25, 2022

Potential proof of concepts

These PoCs are unverified and could contain malware. Use at your own risk.

script_mvel_rce

metasploit · Created Unknown

Metasploit module for CVE-2014-3120

xpgdgit/CVE-2014-3120

github · Created 2022-08-01 04:39:04 UTC · 0 stars

echohtp/ElasticSearch-CVE-2014-3120

github · Created 2014-07-07 20:28:34 UTC · 6 stars

POC Code to exploit CVE-2014-3120

Timeline

  • CVE ID Reserved

  • CVE Published to Public

  • Added to KEVIntel

  • Detected by Nuclei

  • Detected by Metasploit