CVE-2022-36633

Published: 24/08/2022 Updated: 08/08/2023
CVSS v3 Base Score: 8.8 | Impact Score: 5.9 | Exploitability Score: 2.8
VMScore: 0

Vulnerability Summary

Teleport 9.3.6 is vulnerable to command injection leading to remote code execution. An attacker can craft a malicious SSH agent installation link by URL-encoding a bash escape with a carriage return and line feed. This URL-encoded payload can be used in place of a token and sent to a user in a social engineering attack. This is a fully unauthenticated attack that uses the trusted Teleport server to deliver the payload.

Vulnerable Product

goteleport teleport

Exploits

# Exploit Title: Teleport v10.1.1 - Remote Code Execution (RCE)
# Date: 08/01/2022
# Exploit Author: Brandon Roach & Brian Landrum
# Vendor Homepage: goteleport.com
# Software Link: github.com/gravitational/teleport
# Version: < 10.1.2
# Tested on: Linux
# CVE: CVE-2022-36633
Proof of Concept (payload): teleportsite ...

Teleport version 10.1.1 suffers from a remote code execution vulnerability ...