MobaXterm 11.1 URI Handler Argument Injection Vulnerability

MobaXterm 11.1 URI Handler Argument Injection Vulnerability

CVE-2019-13475 · MEDIUM Severity

AV:N/AC:M/AU:N/C:P/I:P/A:P

In MobaXterm 11.1, the mobaxterm: URI handler has an argument injection vulnerability that allows remote attackers to execute arbitrary commands when the user visits a specially crafted URL. Based on the available command-line arguments of the software, one can simply inject -exec to execute arbitrary commands. The additional arguments -hideterm and -exitwhendone in the payload make the attack less visible.

Learn more about our User Device Pen Test.