This is a summary of the AI-generated 10-question deep analysis.
Q1 What is this vulnerability? (Essence + Consequences)
**Essence**: Pi-hole Gravity updater has a code flaw allowing PHP file injection. **Consequences**: Remote Code Execution (RCE) & Privilege Escalation to Root. …
**Hackers Can**: Execute arbitrary code. **Privileges**: Start as `www-data` user, then **escalate to Root**. **Data**: Full control over the server via injected PHP files.
Q5 Is exploitation threshold high? (Auth/Config)
**Threshold**: Low. **Auth**: Likely requires web access to the Pi-hole interface. **Config**: Exploits the automatic update mechanism (Gravity). No complex setup needed for initial RCE.
Q6 Is there a public Exp? (PoC/Wild Exploitation)
**Public Exp**: YES. **PoC**: Available on GitHub (Frichetten). **Tools**: `cve-2020-11108-rce.py` (Shell as www-data) & `root-cve-2020-11108-rce.py` (Root shell). **Status**: Actively exploited/documented.
Q7 How to self-check? (Features/Scanning)
**Check**: Scan for Pi-hole v4.4 or older. **Verify**: Look for unauthorized PHP files in web directories. **Monitor**: Unusual network requests to blocklist URLs. …
**Fixed**: YES. **Date**: Published May 11, 2020. **Action**: Update Pi-hole to version **4.5+** or latest. **Official Patch**: Available via standard Pi-hole update commands.
Q9 What if no patch? (Workaround)
**Workaround**: If unpatched, **disable Gravity updater** temporarily. **Restrict Access**: Block external access to Pi-hole web interface. …
**Urgency**: HIGH. **Priority**: Critical. **Impact**: Full Server Compromise (Root). **Time**: Exploits are public. **Action**: Patch IMMEDIATELY. Do not delay.