CVE-2022-24950

A race condition exists in Eternal Terminal prior to version 6.2.0 that allows an authenticated attacker to hijack other users' SSH authorization socket, enabling the attacker to login to other systems as the targeted users. The bug is in UserTerminalRouter::getInfoForId().

CVSS v3 7.5 HIGH

7.5^/10

CVSS v3 : HIGH

Vector :

Exploitability : 1.6 / Impact : 5.9

Attack Vector NETWORK

Attack Complexity HIGH

Privileges Required LOW

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
http://www.openwall.com/lists/oss-security/2023/02/16/1
https://github.com/MisterTea/EternalTerminal/commit/900348bb8bc96e1c7ba4888ac8480f643c43d3c3	Patch Third Party Advisory
https://github.com/metaredteam/external-disclosures/security/advisories/GHSA-85gw-pchc-4rf3	Exploit Third Party Advisory

Configurations

Configuration 1 (hide)

cpe:2.3:a:eternal_terminal_project:eternal_terminal:*:*:*:*:*:*:*:*

History

No history.

Information

Published : 2022-08-16 01:15

Updated : 2024-02-28 19:29

NVD link : CVE-2022-24950

Mitre link : CVE-2022-24950

CVE.ORG link : CVE-2022-24950

JSON object : View

Products Affected

eternal_terminal_project

eternal_terminal

CWE

CWE-362

Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')

{"id": "CVE-2022-24950", "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.5, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "HIGH", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 1.6}]}, "published": "2022-08-16T01:15:12.437", "references": [{"url": "http://www.openwall.com/lists/oss-security/2023/02/16/1", "source": "cve-assign@fb.com"}, {"url": "https://github.com/MisterTea/EternalTerminal/commit/900348bb8bc96e1c7ba4888ac8480f643c43d3c3", "tags": ["Patch", "Third Party Advisory"], "source": "cve-assign@fb.com"}, {"url": "https://github.com/metaredteam/external-disclosures/security/advisories/GHSA-85gw-pchc-4rf3", "tags": ["Exploit", "Third Party Advisory"], "source": "cve-assign@fb.com"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-362"}]}, {"type": "Secondary", "source": "cve-assign@fb.com", "description": [{"lang": "en", "value": "CWE-362"}]}], "descriptions": [{"lang": "en", "value": "A race condition exists in Eternal Terminal prior to version 6.2.0 that allows an authenticated attacker to hijack other users' SSH authorization socket, enabling the attacker to login to other systems as the targeted users. The bug is in UserTerminalRouter::getInfoForId()."}, {"lang": "es", "value": "Se presenta una condici\u00f3n de carrera en Eternal Terminal versiones anteriores a 6.2.0, que permite a un atacante autenticado secuestrar el socket de autorizaci\u00f3n SSH de otros usuarios, permitiendo al atacante iniciar sesi\u00f3n en otros sistemas como los usuarios objetivo. El error est\u00e1 en la funci\u00f3n UserTerminalRouter::getInfoForId()."}], "lastModified": "2023-02-16T19:15:11.753", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:eternal_terminal_project:eternal_terminal:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "F81EA524-B9EE-48C8-B8BF-8E53D2AAD574", "versionEndExcluding": "6.2.0"}], "operator": "OR"}]}], "sourceIdentifier": "cve-assign@fb.com"}