Vulnerability Details : CVE-2022-24950
Potential exploit
A race condition exists in Eternal Terminal prior to version 6.2.0 that allows an authenticated attacker to hijack other users' SSH authorization socket, enabling the attacker to login to other systems as the targeted users. The bug is in UserTerminalRouter::getInfoForId().
Products affected by CVE-2022-24950
- cpe:2.3:a:eternal_terminal_project:eternal_terminal:*:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2022-24950
0.57%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 78 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2022-24950
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
7.5
|
HIGH | CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H |
1.6
|
5.9
|
NIST |
CWE ids for CVE-2022-24950
-
The product contains a concurrent code sequence that requires temporary, exclusive access to a shared resource, but a timing window exists in which the shared resource can be modified by another code sequence operating concurrently.Assigned by:
- cve-assign@fb.com (Secondary)
- nvd@nist.gov (Primary)
References for CVE-2022-24950
-
http://www.openwall.com/lists/oss-security/2023/02/16/1
oss-security - EternalTerminal: Review report and findings (predictable /tmp file paths and file permission issues, 3 CVEs)
-
https://github.com/metaredteam/external-disclosures/security/advisories/GHSA-85gw-pchc-4rf3
Eternal Terminal SSH Authorization Socket Hijacking · Advisory · metaredteam/external-disclosures · GitHubExploit;Third Party Advisory
-
https://github.com/MisterTea/EternalTerminal/commit/900348bb8bc96e1c7ba4888ac8480f643c43d3c3
red fixes (#468) · MisterTea/EternalTerminal@900348b · GitHubPatch;Third Party Advisory
Jump to