PT-2004-2449 · VanDyke · SecureCRT
Brett Moore · Published 2004-12-31 · Updated 2017-07-11 · CVE-2004-1541
CVSS v2.0: 7.5 (High)
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
Name of the Vulnerable Software and Affected Versions
SecureCRT versions 4.0 through 4.1
Description
The issue allows remote attackers to execute arbitrary commands via a telnet:// URL that uses the /F option to specify a configuration file on a Samba share.
Recommendations
For versions 4.0 and 4.1, consider disabling the use of the /F option to specify configuration files from Samba shares until a patch is available.
As a temporary workaround, restrict access to configuration files on Samba shares to minimize the risk of exploitation.
Fix
Related Identifiers
Affected Products
SecureCRT