PT-2019-14616 · Mobatek · Mobaxterm

Publicado

2019-09-14

Atualizado

2020-08-24

CVE-2019-16305

CVSS v3.1

8.8

Alta

Vetor

AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions MobaXterm versions 11.1 through 12.1

Description The protocol handler in MobaXterm is susceptible to command injection. An attacker can craft a link that, when accepted by the user, can lead to command execution. This is demonstrated by the MobaXterm://calc URI, which can trigger the execution of the calculator application.

Recommendations For MobaXterm versions 11.1 through 12.1, consider disabling the protocol handler as a temporary workaround until a patch is available. Restrict access to links that may trigger the MobaXterm protocol handler to minimize the risk of exploitation.

Exploit

Correção

Command Injection

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-77

Identificadores relacionados

CVE-2019-16305

Produtos afetados

Mobaxterm

PT-2019-14616 · Mobatek · Mobaxterm

CVE-2019-16305

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 3