CVE-2022-36633

Sažetak

Teleport 9.3.6 is vulnerable to Command injection leading to Remote Code Execution. An attacker can craft a malicious ssh agent installation link by URL encoding a bash escape with carriage return line feed. This url encoded payload can be used in place of a token and sent to a user in a social engineering attack. This is fully unauthenticated attack utilizing the trusted teleport server to deliver the payload.

Reference

https://github.com/gravitational/teleport
https://packetstormsecurity.com/files/168137/Teleport-9.3.6-Command-Injection.html
http://packetstormsecurity.com/files/168477/Teleport-10.1.1-Remote-Code-Execution.html

CVSS

Base:	8.8
Impact:	5.9
Exploitability:	2.8

Pristup

Vektor	Složenost	Autentikacija
NETWORK	LOW	-

Impact

Povjerljivost	Cjelovitost	Dostupnost
HIGH	HIGH	HIGH

CVSS vektor

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Zadnje važnije ažuriranje

08-08-2023 - 14:21

Objavljeno

24-08-2022 - 13:15