Lucene search

K
cve[email protected]CVE-2022-24950
HistoryAug 16, 2022 - 1:15 a.m.

CVE-2022-24950

2022-08-1601:15:12
CWE-362
web.nvd.nist.gov
43
2
cve-2022-24950
eternal terminal
race condition
ssh
authorization
hijack
bug

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

7.2 High

AI Score

Confidence

High

0.003 Low

EPSS

Percentile

68.3%

A race condition exists in Eternal Terminal prior to version 6.2.0 that allows an authenticated attacker to hijack other users’ SSH authorization socket, enabling the attacker to login to other systems as the targeted users. The bug is in UserTerminalRouter::getInfoForId().

Affected configurations

NVD
Node
eternal_terminal_projecteternal_terminalRange<6.2.0

CNA Affected

[
  {
    "vendor": "Jason Gauci",
    "product": "Eternal Terminal",
    "versions": [
      {
        "version": "unspecified",
        "lessThan": "6.2.0",
        "status": "affected",
        "versionType": "custom"
      }
    ]
  }
]

Social References

More

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

7.2 High

AI Score

Confidence

High

0.003 Low

EPSS

Percentile

68.3%

Related for CVE-2022-24950