admin/nvd-json-data-feeds
1
0
Fork 0
mirror of https://github.com/fkie-cad/nvd-json-data-feeds.git synced 2025-05-28 17:21:36 +00:00
Code Issues Packages Projects Releases Wiki Activity
nvd-json-data-feeds/CVE-2019/CVE-2019-163xx/CVE-2019-16305.json
René Helmke 7791f18b51 bootstrap
2023-05-16 16:09:41 +02:00

121 lines
3.9 KiB
JSON
Raw Blame History

{
"id": "CVE-2019-16305",
"sourceIdentifier": "cve@mitre.org",
"published": "2019-09-14T15:15:10.503",
"lastModified": "2020-08-24T17:37:01.140",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "In MobaXterm 11.1 and 12.1, the protocol handler is vulnerable to command injection. A crafted link can trigger a popup asking whether the user wants to run MobaXterm to handle the link. If accepted, another popup appears asking for further confirmation. If this is also accepted, command execution is achieved, as demonstrated by the MobaXterm://`calc` URI."
},
{
"lang": "es",
"value": "En MobaXterm versiones 11.1 y 12.1, el manejador de protocolo es vulnerable a la inyecci\u00f3n de comandos. Un enlace dise\u00f1ado puede activar una ventana emergente que pregunta al usuario si desea ejecutar MobaXterm para manejar el enlace. Si es aceptado, aparece otra ventana emergente preguntando confirmaci\u00f3n adicional. Si esto es tambi\u00e9n aceptado, es alcanzada una ejecuci\u00f3n de comando, como es demostrado por el URI MobaXterm://\"calc\"."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
}
],
"cvssMetricV2": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "2.0",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"accessVector": "NETWORK",
"accessComplexity": "MEDIUM",
"authentication": "NONE",
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8
},
"baseSeverity": "MEDIUM",
"exploitabilityScore": 8.6,
"impactScore": 6.4,
"acInsufInfo": false,
"obtainAllPrivilege": false,
"obtainUserPrivilege": false,
"obtainOtherPrivilege": false,
"userInteractionRequired": true
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-77"
}
]
}
],
"configurations": [
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:mobatek:mobaxterm:11.1:*:*:*:*:*:*:*",
"matchCriteriaId": "D6AA3BCD-F818-4FFC-97F8-5F45F7A3DDC0"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:mobatek:mobaxterm:12.1:*:*:*:*:*:*:*",
"matchCriteriaId": "68EA9D95-F323-4891-B42F-8F1F0FF6264A"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA"
}
]
}
]
}
],
"references": [
{
"url": "https://freetom.github.io/0day/2019/09/14/MobaXterm-command-exec-in-protocol-handler.html",
"source": "cve@mitre.org",
"tags": [
"Exploit"
]
}
]
}
Reference in New Issue View Git Blame Copy Permalink