Vulnerability Description
A race condition exists in Eternal Terminal prior to version 6.2.0 which allows a local attacker to hijack Eternal Terminal's IPC socket, enabling access to Eternal Terminal clients which attempt to connect in the future.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Eternal Terminal Project | Eternal Terminal | < 6.2.0 |
Related Weaknesses (CWE)
References
- http://www.openwall.com/lists/oss-security/2023/02/16/1
- https://github.com/MisterTea/EternalTerminal/releases/tag/et-v6.2.0 (Third Party Advisory)
- https://github.com/metaredteam/external-disclosures/security/advisories/GHSA-546 (Exploit, Patch)
FAQ
What is CVE-2022-24951?
CVE-2022-24951 is a vulnerability with a CVSS score of 7.0 (HIGH). A race condition exists in Eternal Terminal prior to version 6.2.0 which allows a local attacker to hijack Eternal Terminal's IPC socket, enabling access to Eternal Terminal clients which attempt to c...
How severe is CVE-2022-24951?
CVE-2022-24951 has been rated HIGH with a CVSS base score of 7.0/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2022-24951?
Check the references section above for vendor advisories and patch information. Affected products include: Eternal Terminal Project Eternal Terminal.