CVE-2019-16305

Published: Sep 14, 2019Modified: Nov 21, 2024

8.8

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Exploitability: 2.8 / Impact: 5.9

Source: NVD

Description

In MobaXterm 11.1 and 12.1, the protocol handler is vulnerable to command injection. A crafted link can trigger a popup asking whether the user wants to run MobaXterm to handle the link. If accepted, another popup appears asking for further confirmation. If this is also accepted, command execution is achieved, as demonstrated by the MobaXterm://`calc` URI.

Affected (2)

Products: Mobatek: Mobaxterm

1 product

Configuration A

2 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Mobatek Mobaxterm	Version 11.1
Mobatek Mobaxterm	Version 12.1

Running on/with	Platform Versions
Microsoft Windows	All versions

Related CWEs

Improper Neutralization of Special Elements used in a Command ('Command Injection')

The product constructs all or part of a command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended command when it is sent to a downstream component.

References (2)

https://freetom.github.io/0day/2019/09/14/MobaXterm-command-exec-in-protocol-handler.html

Source: cve@mitre.org

Exploit

https://freetom.github.io/0day/2019/09/14/MobaXterm-command-exec-in-protocol-handler.html

Source: af854a3a-2127-422b-91ae-364da2661108

Exploit

Timeline

No history available yet.