Our Cyber Threat Intelligence team is monitoring different web sites, mailing lists, exploit markets and social media networks. The CTI Interest Score identifies the interest of attackers and the security community for this specific vulnerability in real time. A high score indicates an elevated risk to be targeted for this vulnerability.

A vulnerability has been found in MobaXterm up to 20.x (Windowing System Software) and classified as problematic. Affected by this vulnerability is the function SetWindowTextA/SetWindowTextW of the component Tab Title Handler. The manipulation with an unknown input leads to a denial of service vulnerability. The CWE definition for the vulnerability is CWE-404. The known impact is on availability.

MobaXterm before 21.0 allows remote servers to cause a denial of service (Windows GUI hang) via tab title change requests that are sent repeatedly at high speed, which results in many SetWindowTextA or SetWindowTextW calls.

This vulnerability is known as CVE-2021-28847 since. Required for exploitation is a single authentication. Technical details of the vulnerability are known, but there is no available exploit. The attack technique deployed by this issue is T1499 according to MITRE ATT&CK.

In particular, the Software allows its user, via a tabbed terminal:

- to remotely manage several remote sessions (SSH, RDP, VNC, XDMCP, FTP, SFTP, etc.)
- to have an X server, and various network tools (packet manager, port analysis, SSH tunnel, etc.)
- to remotely control computers running Unix and Windows operating systems.

CVSSv3 VulDB Meta Base Score: 4.

Upgrading to version 21.0 eliminates this vulnerability.
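The advisory ties the hang to one GUI call per title change request. The C sketch below is an added example, not MobaXterm's code or its actual fix: it shows one way a terminal could coalesce such requests so the GUI call rate stays bounded no matter how fast the remote side sends them. All names (`title_throttle`, `title_request`, `title_tick`, `gui_set_title`) and both constants are hypothetical, and the GUI call is stubbed so the block runs anywhere.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define TITLE_MAX 128          /* assumed cap on stored title length */
#define MIN_INTERVAL_MS 100    /* assumed: at most 10 GUI updates per second */

typedef struct {
    char shown[TITLE_MAX];     /* title last handed to the GUI */
    char pending[TITLE_MAX];   /* newest request not yet applied */
    int has_pending, started;  /* started stays 0 until the first apply */
    uint64_t last_apply_ms;
    unsigned gui_calls;        /* counts calls to the stubbed GUI sink */
} title_throttle;

/* Stand-in for the expensive GUI call (SetWindowTextA/W in the advisory). */
static void gui_set_title(title_throttle *t, const char *s, uint64_t now_ms) {
    snprintf(t->shown, sizeof t->shown, "%s", s);   /* truncates long titles */
    t->last_apply_ms = now_ms;
    t->started = 1;
    t->has_pending = 0;
    t->gui_calls++;
}

static int interval_elapsed(const title_throttle *t, uint64_t now_ms) {
    return !t->started || now_ms - t->last_apply_ms >= MIN_INTERVAL_MS;
}
/* Called for every title change request received from the remote side. */
void title_request(title_throttle *t, const char *s, uint64_t now_ms) {
    if (interval_elapsed(t, now_ms)) {
        gui_set_title(t, s, now_ms);
    } else {                   /* too soon: keep only the newest request */
        snprintf(t->pending, sizeof t->pending, "%s", s);
        t->has_pending = 1;
    }
}

/* Called from a UI timer so the last coalesced title is not lost. */
void title_tick(title_throttle *t, uint64_t now_ms) {
    if (t->has_pending && interval_elapsed(t, now_ms))
        gui_set_title(t, t->pending, now_ms);
}

int main(void) {               /* constructed burst: 1000 requests in 10 ms */
    title_throttle t = {0};
    for (int i = 0; i < 1000; i++) title_request(&t, "burst", (uint64_t)(i / 100));
    title_tick(&t, MIN_INTERVAL_MS);
    printf("requests: 1000, gui calls: %u\n", t.gui_calls);
    return 0;
}
```

Timestamps are passed in rather than read from a clock, so the behaviour is deterministic and the throttle can be unit tested without a GUI.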