Eternal Terminal
CVE-2022-24950
HIGH
Severity by source
AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
Lifecycle Timeline
1DescriptionNVD
A race condition exists in Eternal Terminal prior to version 6.2.0 that allows an authenticated attacker to hijack other users' SSH authorization socket, enabling the attacker to login to other systems as the targeted users. The bug is in UserTerminalRouter::getInfoForId().
AnalysisAI
A race condition exists in Eternal Terminal prior to version 6.2.0 that allows an authenticated attacker to hijack other users' SSH authorization socket, enabling the attacker to login to other. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable. Public exploit code available.
Technical ContextAI
This vulnerability is classified under CWE-362. A race condition exists in Eternal Terminal prior to version 6.2.0 that allows an authenticated attacker to hijack other users' SSH authorization socket, enabling the attacker to login to other systems as the targeted users. The bug is in UserTerminalRouter::getInfoForId(). Affected products include: Eternal Terminal Project Eternal Terminal. Version information: version 6.2.0.
RemediationAI
A vendor patch is available. Apply the latest security update as soon as possible. Apply vendor patches when available. Implement network segmentation and monitoring as interim mitigations.
More in Eternal Terminal
View allA privilege escalation to root exists in Eternal Terminal prior to version 6.2.0. Rated high severity (CVSS 7.5), this v
A race condition exists in Eternal Terminal prior to version 6.2.0 which allows a local attacker to hijack Eternal Termi
Several denial of service vulnerabilities exist in Eternal Terminal prior to version 6.2.0, including a DoS triggered re
In Eternal Terminal 6.2.1, TelemetryService uses fixed paths in /tmp. Rated medium severity (CVSS 6.3). Public exploit c
Same weakness CWE-362 – Race Condition
View allSame technique Race Condition
View allShare
External POC / Exploit Code
Leaving vuln.today