PT-2015-3318 · Picocom

Published: 2015-08-18 · Updated: 2020-06-28 · CVE-2015-9059

CVSS v2.0: 10 (Critical)
Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C
Name of the Vulnerable Software and Affected Versions: picocom versions prior to 2.0

Description: The issue is a command injection vulnerability in the 'send and receive file' command. The command line for the external transfer program is passed to /bin/sh without sanitization, so an attacker who controls its contents can execute arbitrary commands. The lack of input sanitization in the 'send and receive file' command of the Picocom terminal emulation software is the core of the problem: because Picocom launches external commands through /bin/sh, a remote attacker could use this path to execute arbitrary commands.

Recommendations: For versions prior to 2.0, as a temporary workaround, disable the 'send and receive file' command until the patch can be applied, and restrict access to the send and receive file functionality to minimize the risk of exploitation. Update to version 2.0 or later to resolve the issue.
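The defect class described above, as an added illustration that is not picocom's own code: a file-transfer command assembled as a string and handed to /bin/sh, beside a hardened form that validates the filename and passes an argv vector straight to execvp() so no shell ever parses it. The tool name, the allowed character set and the function names are assumptions made for the example.

```c
/* Hypothetical illustration of the bug class: shell-built command line vs.
 * argv-based execution. Not picocom's code. */
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>
#include <sys/wait.h>

/* Vulnerable pattern: every byte of `filename` is interpreted by /bin/sh,
 * so metacharacters in it become additional shell commands. */
int run_via_shell(const char *tool, const char *filename) {
    char cmd[512];
    snprintf(cmd, sizeof cmd, "%s %s", tool, filename);
    return system(cmd);               /* runs: /bin/sh -c "<tool> <filename>" */
}

/* Defence-in-depth check: accept only a conservative filename alphabet and
 * reject a leading '-' so the name cannot be parsed as an option. */
int filename_is_safe(const char *name) {
    const char *allowed = "abcdefghijklmnopqrstuvwxyz"
                          "ABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789._-/";
    if (name == NULL || *name == '\0' || *name == '-') return 0;
    return strspn(name, allowed) == strlen(name);
}

/* Hardened pattern: no shell is involved; argv reaches the tool verbatim.
 * Returns the tool's exit status, or -1 on rejected input or failure. */
int run_argv(const char *tool, const char *filename) {
    if (!filename_is_safe(filename)) return -1;
    pid_t pid = fork();
    if (pid < 0) return -1;
    if (pid == 0) {
        char *const argv[] = { (char *)tool, (char *)filename, NULL };
        execvp(tool, argv);
        _exit(127);                   /* exec failed */
    }
    int status;
    if (waitpid(pid, &status, 0) < 0) return -1;
    return WIFEXITED(status) ? WEXITSTATUS(status) : -1;
}

int main(void) {
    /* Constructed sample inputs: a plain name passes, one with ';' is refused. */
    printf("%d\n", filename_is_safe("firmware.bin"));   /* 1 */
    printf("%d\n", filename_is_safe("a.bin;b"));        /* 0 */
    return 0;
}
```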

Weakness Enumeration

Command Injection

Related Identifiers

ALT-PU-2018-2332
BDU:2017-02218
CVE-2015-9059
DLA-2259-1
DLA-974-1

Affected Products

Alt Linux
Picocom