CVE-2015-7244 2016-10-12T16:53:58+00:00

SUMMARY

The following vulnerability was found in Mobatek’s MobaXterm:

 

CVE-2015-7244

The MobaXterm application allows for unauthorized access to remote X11 sessions which could provide unauthorized information disclosure or command injection.  

IMPACT

Access Vector:Network Exploitable
Access Complexity:Low
Authentication:Not required to exploit
Impact Type:Allows unauthorized disclosure/modification of information; Allows disruption of service
Privilege Level:Current user privilege

AFFECTED PRODUCTS

  • MobaXterm 8.2

SOFTWARE FIXES

Customers can retrieve the updated software at http://mobaxterm.mobatek.net/download-home-edition.html

If you are unable to obtain the updated software it is recommended that you enable “Access control” for X11 in the MobaXterm Configuration Window.    

Settings-> Configuration -> X11 Tab

TIMELINE

REFERENCES

Leave A Comment