Metric | Score | Details |
---|---|---|
CVSS2 | 10 High | AV:N/AC:L/Au:N/C:C/I:C/A:C |
CVSS3 | 9.8 High | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
EPSS | 0.005 Low | Percentile 77.3% |
iTerm2, up to and including version 3.3.5, with tmux integration is vulnerable to remote command execution.
iTerm2 is a popular terminal emulator for macOS that supports terminal multiplexing using tmux integration and is frequently used by developers and system administrators. A vulnerability, identified as CVE-2019-9535, exists in the way that iTerm2 integrates with tmux's control mode, which may allow an attacker to execute arbitrary commands by providing malicious output to the terminal. This affects versions of iTerm2 up to and including 3.3.5.
This vulnerability may allow an attacker to execute arbitrary commands on their victim's computer by providing malicious output to the terminal. It could be exploited using command-line utilities that print attacker-controlled content. Potential attack vectors include connecting via ssh to a malicious server, using curl to fetch a malicious website, or using tail -f to follow a logfile containing some malicious content.
Apply an update
Update iTerm2 to version 3.3.6, which includes mitigations against exploitation of this vulnerability. The latest version is available as an update within the program itself, or can be downloaded here. As the tmux integration cannot be disabled through configuration, a complete resolution is not yet available. We recommend that users of tmux integration follow the best practices outlined by iTerm2.
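The vectors above all depend on untrusted bytes reaching the terminal unmodified. As an added example (not part of this advisory or of iTerm2), the filter below rewrites control characters in untrusted output into visible caret notation, so the terminal displays them instead of interpreting them. The script name `termsafe.py`, the function `neutralize` and the sample line are hypothetical, and the filter is a defense-in-depth measure that does not replace the update to 3.3.6.

```python
#!/usr/bin/env python3
"""Show control characters in untrusted text instead of letting the terminal act on them.

Added example. Usage (assumed file name): tail -f app.log | python3 termsafe.py
"""
import sys
import unicodedata

KEEP = {"\n", "\t"}  # whitespace controls that are safe to pass through

# Constructed sample: a log line carrying an OSC "set window title" sequence.
SAMPLE = b"GET /index \x1b]0;title\x07 200\n"


def neutralize(raw: bytes) -> tuple:
    """Return (printable_text, count_of_control_characters_rewritten)."""
    # Invalid UTF-8, such as a raw 8-bit C1 byte, becomes a literal \xNN string
    # (these bytes are made inert but are not included in the count).
    text = raw.decode("utf-8", errors="backslashreplace")
    out, hits = [], 0
    for ch in text:
        if ch in KEEP or unicodedata.category(ch) != "Cc":
            out.append(ch)
            continue
        hits += 1
        code = ord(ch)
        if code < 0x20:        # C0 controls: ESC (0x1b) is shown as ^[
            out.append("^" + chr(code + 0x40))
        elif code == 0x7F:     # DEL
            out.append("^?")
        else:                  # C1 controls U+0080..U+009F (8-bit CSI/DCS/OSC)
            out.append(f"\\u{code:04x}")
    return "".join(out), hits


def main() -> int:
    total = 0
    for line in sys.stdin.buffer:      # read line by line so it works with tail -f
        safe, hits = neutralize(line)
        total += hits
        sys.stdout.write(safe)
        sys.stdout.flush()
    if total:
        print(f"[termsafe] rewrote {total} control characters", file=sys.stderr)
    return 0


if __name__ == "__main__":
    sys.exit(main())
```

Carriage returns are also rewritten (as `^M`), so CRLF-terminated logs show a trailing `^M` on each line.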
763073
Updated: October 08, 2019
Affected
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Group | Score | Vector |
---|---|---|
Base | 9.3 | AV:N/AC:M/Au:N/C:C/I:C/A:C |
Temporal | 7.3 | E:POC/RL:OF/RC:C |
Environmental | 1.8 | CDP:ND/TD:L/CR:ND/IR:ND/AR:ND |
Thanks to Stefan Grönke and Fabian Freyer of Radically Open Security for finding this vulnerability, the Mozilla Open Source Support (MOSS) project for supporting the audit, and George Nachman of iTerm2 for developing the fix, and all parties for coordinating this vulnerability.
This document was written by Madison Oliver.
CVE IDs: | CVE-2019-9535 |
---|---|
Date Public: | 2019-10-09 Date First Published: |
blog.mozilla.org/security/2019/10/09/iterm2-critical-issue-moss-audit/
github.com/gnachman/iTerm2/commit/538d570ea54614d3a2b5724f820953d717fbeb
gitlab.com/gnachman/iterm2/wikis/tmux-Integration-Best-Practices
radicallyopensecurity.com/
www.iterm2.com/documentation-tmux-integration.html
www.iterm2.com/downloads.html