exploitDog

CVE-2015-7244

Опубликовано: 04 нояб. 2015

Источник: nvd

CVSS2: 7.5

EPSS Низкий

Описание

The default configuration of the server in MobaXterm before 8.3 has a disabled Access Control setting and consequently does not require authentication for X11 connections, which allows remote attackers to execute arbitrary commands or obtain sensitive information via X11 packets.

Ссылки

http://blog.mobatek.net/post/mobaxterm-new-release-8.3/
Patch
Vendor Advisory
http://www.kb.cert.org/vuls/id/316888
Third Party Advisory
US Government Resource
http://www.securifera.com/advisories/cve-2015-7244
http://blog.mobatek.net/post/mobaxterm-new-release-8.3/
Patch
Vendor Advisory
http://www.kb.cert.org/vuls/id/316888
Third Party Advisory
US Government Resource
http://www.securifera.com/advisories/cve-2015-7244

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:mobatek:mobaxterm:*:*:*:*:*:*:*:*

Версия до 8.2 (включая)

EPSS

Процентиль: 91%

0.0731

Низкий

7.5 High

CVSS2

Дефекты

CWE-284

Связанные уязвимости

GHSA-v6qx-v2fm-22f6

github

больше 3 лет назад

The default configuration of the server in MobaXterm before 8.3 has a disabled Access Control setting and consequently does not require authentication for X11 connections, which allows remote attackers to execute arbitrary commands or obtain sensitive information via X11 packets.

EPSS

Процентиль: 91%

0.0731

Низкий

7.5 High

CVSS2

Дефекты

CWE-284