PT-2020-13647 · Telerik · Telerik Fiddler

Lion

Published

2020-11-05

Updated

2020-11-13

CVE-2020-13661

CVSS v3.1

8.8

High

Vector

AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions Telerik Fiddler versions prior to 5.0.20204

Description The issue allows attackers to execute arbitrary programs via a hostname with a trailing space character, followed by --utility-and-browser --utility-cmd-prefix= and the pathname of a locally installed program. The victim must interactively choose the Open On Browser option.

Recommendations For versions prior to 5.0.20204, update to version 5.0.20204 or later to resolve the issue. As a temporary workaround, consider avoiding the use of the Open On Browser option for hostnames with suspicious characters. Restrict access to locally installed programs to minimize the risk of exploitation.

Fix

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Related Identifiers

CVE-2020-13661

Affected Products

Telerik Fiddler

PT-2020-13647 · Telerik · Telerik Fiddler

CVE-2020-13661

Related Identifiers

Affected Products

References · 5