PT-2023-14924 · Conemu+1
David Leadbeater · Published 2023-03-28 · Updated 2024-03-16 · CVE-2022-46387
CVSS v3.1: 9.8 (Critical)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions
ConEmu versions prior to 220807
Cmder versions prior to 1.3.21
Description
An attacker can change the title of the terminal to a string that includes control characters, and that title can then be executed as commands. The issue is related to the handling of ASCII escape sequences, which can alter terminal state and, in affected terminals, lead to command execution.
Recommendations
For ConEmu versions prior to 220807, update to version 220807 or later to resolve the issue.
For Cmder versions prior to 1.3.21, update to version 1.3.21 or later to resolve the issue.
As a temporary workaround, consider restricting the use of control characters in terminal titles to minimize the risk of exploitation.
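One way to apply this workaround to untrusted output before it reaches the terminal, as an added example (not code from ConEmu, Cmder or this advisory). It goes beyond title sequences and strips every escape sequence and control character except tab and newline; the function names and the sample input are assumptions constructed for illustration.

```python
from __future__ import annotations

import re

# String-type sequences (OSC, DCS, SOS, PM, APC): introducer, body, then BEL or ST.
_STRING = r"(?:\x1b[\]PX^_]|[\x90\x98\x9d\x9e\x9f])[^\x07\x1b\x9c]*(?:\x07|\x1b\\|\x9c)?"
# CSI sequences: ESC [ (or 8-bit 0x9b), parameter bytes, intermediates, final byte.
_CSI = r"(?:\x1b\[|\x9b)[0-?]*[ -/]*[@-~]"
# Any other ESC sequence: optional intermediates followed by a final byte.
_ESC = r"\x1b[ -/]*[0-~]"
# Leftover C0/C1 controls and DEL; only tab and newline are let through.
_CTRL = r"[\x00-\x08\x0b-\x1f\x7f-\x9f]"

# One left-to-right pass: every control character matches at least _CTRL,
# so nothing removed here can leave behind a re-assembled sequence.
_UNSAFE = re.compile("|".join((_STRING, _CSI, _ESC, _CTRL)))
# OSC 0, 1 and 2 set the icon name and/or the window title.
_TITLE = re.compile(r"(?:\x1b\]|\x9d)[012];([^\x07\x1b\x9c]*)")


def find_title_changes(text: str) -> list[str]:
    """Return the title strings that `text` would ask a terminal to set."""
    return [m.group(1) for m in _TITLE.finditer(text)]


def sanitize_for_terminal(data: bytes | str) -> str:
    """Strip escape sequences and control characters from untrusted output."""
    if isinstance(data, bytes):
        data = data.decode("utf-8", errors="replace")
    return _UNSAFE.sub("", data)


if __name__ == "__main__":
    # Constructed sample: a title-setting sequence and colour codes mixed into output.
    sample = b"fetching index\n\x1b]0;constructed title\x07\x1b[31mdone\x1b[0m\r\n"
    print(find_title_changes(sample.decode()))   # worth logging before stripping
    print(repr(sanitize_for_terminal(sample)))
```

Logging the result of `find_title_changes` before stripping gives a record of output that tried to rename the window.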
Fix
Weakness Enumeration
Improper Encoding or Escaping of Output
Related Identifiers
Affected Products
Cmder
Conemu