CVE-2019-16305 - OpenCVE

In MobaXterm 11.1 and 12.1, the protocol handler is vulnerable to command injection. A crafted link can trigger a popup asking whether the user wants to run MobaXterm to handle the link. If accepted, another popup appears asking for further confirmation. If this is also accepted, command execution is achieved, as demonstrated by the MobaXterm://`calc` URI.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction Required

No CVSS v3.0

Access Vector Network

Access Complexity Medium

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

AV:N/AC:M/Au:N/C:P/I:P/A:P

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Microsoft	Windows
Mobatek	Mobaxterm

Configuration 1 [-]

AND

OR	cpe:2.3:a:mobatek:mobaxterm:11.1:::::::*
	cpe:2.3:a:mobatek:mobaxterm:12.1:::::::*

cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*

No data.

References

Link	Providers
https://freetom.github.io/0day/2019/09/14/MobaXterm-command-exec-in-protocol-handler.html

History

No history.

MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2019-09-14T14:04:54

Updated: 2024-08-05T01:10:41.644Z

Reserved: 2019-09-14T00:00:00

Link: CVE-2019-16305

Vulnrichment

No data.

NVD

Status : Analyzed

Published: 2019-09-14T15:15:10.503

Modified: 2020-08-24T17:37:01.140

Link: CVE-2019-16305

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "descriptions": [{"lang": "en", "value": "In MobaXterm 11.1 and 12.1, the protocol handler is vulnerable to command injection. A crafted link can trigger a popup asking whether the user wants to run MobaXterm to handle the link. If accepted, another popup appears asking for further confirmation. If this is also accepted, command execution is achieved, as demonstrated by the MobaXterm://`calc` URI."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2019-09-14T14:04:54", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://freetom.github.io/0day/2019/09/14/MobaXterm-command-exec-in-protocol-handler.html"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2019-16305", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "In MobaXterm 11.1 and 12.1, the protocol handler is vulnerable to command injection. A crafted link can trigger a popup asking whether the user wants to run MobaXterm to handle the link. If accepted, another popup appears asking for further confirmation. If this is also accepted, command execution is achieved, as demonstrated by the MobaXterm://`calc` URI."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "https://freetom.github.io/0day/2019/09/14/MobaXterm-command-exec-in-protocol-handler.html", "refsource": "MISC", "url": "https://freetom.github.io/0day/2019/09/14/MobaXterm-command-exec-in-protocol-handler.html"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-05T01:10:41.644Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://freetom.github.io/0day/2019/09/14/MobaXterm-command-exec-in-protocol-handler.html"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2019-16305", "datePublished": "2019-09-14T14:04:54", "dateReserved": "2019-09-14T00:00:00", "dateUpdated": "2024-08-05T01:10:41.644Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:mobatek:mobaxterm:11.1:*:*:*:*:*:*:*", "matchCriteriaId": "D6AA3BCD-F818-4FFC-97F8-5F45F7A3DDC0", "vulnerable": true}, {"criteria": "cpe:2.3:a:mobatek:mobaxterm:12.1:*:*:*:*:*:*:*", "matchCriteriaId": "68EA9D95-F323-4891-B42F-8F1F0FF6264A", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*", "matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}], "cveTags": [], "descriptions": [{"lang": "en", "value": "In MobaXterm 11.1 and 12.1, the protocol handler is vulnerable to command injection. A crafted link can trigger a popup asking whether the user wants to run MobaXterm to handle the link. If accepted, another popup appears asking for further confirmation. If this is also accepted, command execution is achieved, as demonstrated by the MobaXterm://`calc` URI."}, {"lang": "es", "value": "En MobaXterm versiones 11.1 y 12.1, el manejador de protocolo es vulnerable a la inyecci\u00f3n de comandos. Un enlace dise\u00f1ado puede activar una ventana emergente que pregunta al usuario si desea ejecutar MobaXterm para manejar el enlace. Si es aceptado, aparece otra ventana emergente preguntando confirmaci\u00f3n adicional. Si esto es tambi\u00e9n aceptado, es alcanzada una ejecuci\u00f3n de comando, como es demostrado por el URI MobaXterm://\"calc\"."}], "id": "CVE-2019-16305", "lastModified": "2020-08-24T17:37:01.140", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2019-09-14T15:15:10.503", "references": [{"source": "cve@mitre.org", "tags": ["Exploit"], "url": "https://freetom.github.io/0day/2019/09/14/MobaXterm-command-exec-in-protocol-handler.html"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-77"}], "source": "nvd@nist.gov", "type": "Primary"}]}