PT-2017-3110 · Mobatek · Mobaxterm

Publicado

2017-09-18

Atualizado

2020-07-30

CVE-2017-15376

CVSS v3.1

Crítica

Vetor

AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions MobaXterm version 10.4

Description The issue is related to the TELNET service in MobaXterm, which does not require authentication. This allows remote attackers to execute arbitrary commands via TCP port 23. The lack of authentication procedure in the TELNET service enables remote attackers to exploit this issue and perform unauthorized actions.

Recommendations For MobaXterm version 10.4, consider disabling the TELNET service until a patch is available to prevent remote attackers from executing arbitrary commands. Restrict access to TCP port 23 to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

Missing Authentication

Code Injection

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-306CWE-94

Identificadores relacionados

BDU:2017-02508

CVE-2017-15376

Produtos afetados

Mobaxterm

PT-2017-3110 · Mobatek · Mobaxterm

CVE-2017-15376

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 4