Vulnerability Description
In MobaXterm 11.1 and 12.1, the protocol handler is vulnerable to command injection. A crafted link can trigger a popup asking whether the user wants to run MobaXterm to handle the link. If accepted, another popup appears asking for further confirmation. If this is also accepted, command execution is achieved, as demonstrated by the MobaXterm://`calc` URI.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Mobatek | Mobaxterm | 11.1 |
| Microsoft | Windows | - |
Related Weaknesses (CWE)
References
- https://freetom.github.io/0day/2019/09/14/MobaXterm-command-exec-in-protocol-hanExploit
- https://freetom.github.io/0day/2019/09/14/MobaXterm-command-exec-in-protocol-hanExploit
FAQ
What is CVE-2019-16305?
CVE-2019-16305 is a vulnerability with a CVSS score of 8.8 (HIGH). In MobaXterm 11.1 and 12.1, the protocol handler is vulnerable to command injection. A crafted link can trigger a popup asking whether the user wants to run MobaXterm to handle the link. If accepted, ...
How severe is CVE-2019-16305?
CVE-2019-16305 has been rated HIGH with a CVSS base score of 8.8/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2019-16305?
Check the references section above for vendor advisories and patch information. Affected products include: Mobatek Mobaxterm, Microsoft Windows.