CVE Vulnerability

CVE-2022-24950

A race condition exists in Eternal Terminal prior to version 6.2.0 that allows an authenticated attacker to hijack other users' SSH authorization socket, enabling the attacker to login to other systems as the targeted users. The bug is in UserTerminalRouter::getInfoForId().

7.5 /10

CVSS v3.0 : HIGH

V3 Legend

Vector :

Exploitability : 1.6 / Impact : 5.9

Attack Vector NETWORK

Attack Complexity HIGH

Privileges Required LOW

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

References
Link Resource
https://github.com/MisterTea/EternalTerminal/commit/900348bb8bc96e1c7ba4888ac8480f643c43d3c3 Patch Third Party Advisory
https://github.com/metaredteam/external-disclosures/security/advisories/GHSA-85gw-pchc-4rf3 Exploit Third Party Advisory
http://www.openwall.com/lists/oss-security/2023/02/16/1
Configurations

Configuration 1

cpe:2.3:a:eternal_terminal_project:eternal_terminal:*:*:*:*:*:*:*:*
Information

Published : 2022-08-16 01:15

Updated : 2023-02-16 07:15

NVD link : CVE-2022-24950

Mitre link : CVE-2022-24950

Products Affected
No products.
CWE
CWE-362