Описание
The client in Jetro COCKPIT Secure Browsing (JCSB) 4.3.1 and 4.3.3 does not validate the FileName element in an RDP_FILE_TRANSFER document, which allows remote JCSB servers to execute arbitrary programs by providing a .EXE extension.
Уязвимые конфигурации
Конфигурация 1
Одно из
cpe:2.3:a:jetroplatforms:jetro_cockpit_secure_browsing:4.3.1:*:*:*:*:*:*:*
cpe:2.3:a:jetroplatforms:jetro_cockpit_secure_browsing:4.3.3:*:*:*:*:*:*:*
EPSS
Процентиль: 53%
0.00296
Низкий
9.3 Critical
CVSS2
Дефекты
CWE-20
Связанные уязвимости
github
больше 3 лет назад
The client in Jetro COCKPIT Secure Browsing (JCSB) 4.3.1 and 4.3.3 does not validate the FileName element in an RDP_FILE_TRANSFER document, which allows remote JCSB servers to execute arbitrary programs by providing a .EXE extension.
EPSS
Процентиль: 53%
0.00296
Низкий
9.3 Critical
CVSS2
Дефекты
CWE-20