CVE-2022-24951 — Vulnetix

CVE-2022-24951 PUBLISHED CVSS 7 HIGH

A race condition exists in Eternal Terminal prior to version 6.2.0 which allows a local attacker to hijack Eternal Terminal's IPC socket, enabling access to Eternal Terminal clients which attempt to connect in the future.

EPSS 0.05% · 15.0th percentile

Risk Scores

CVSS 3.1

CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

EPSS Score

0.05%

15.0th percentile

Affected Products

Vendor	Product	Versions
eternal_terminal_project	eternal_terminal	0
Jason Gauci	Eternal Terminal	unspecified

Exploit Intelligence

https://github.com/metaredteam/external-disclosures/security/advisories/GHSA-546v-59j5-g95q (nist-nvd)
https://github.com/MisterTea/EternalTerminal/releases/tag/et-v6.2.0 (circl)
[oss-security] 20230216 EternalTerminal: Review report and findings (predictable /tmp file paths and file permission issues, 3 CVEs) (circl)

Timeline

Aug 16, 2022 CVE Published
Aug 16, 2022 EPSS Score
Oct 1, 2022 EPSS Score
Nov 16, 2022 EPSS Score
Jan 1, 2023 EPSS Score
Feb 16, 2023 EPSS Score
Mar 7, 2023 EPSS Score
Apr 3, 2023 EPSS Score
May 19, 2023 EPSS Score
Jul 4, 2023 EPSS Score
Aug 19, 2023 EPSS Score
Oct 4, 2023 EPSS Score

References

https://github.com/metaredteam/external-disclosures/security/advisories/GHSA-546v-59j5-g95q url
https://github.com/MisterTea/EternalTerminal/releases/tag/et-v6.2.0 url
[oss-security] 20230216 EternalTerminal: Review report and findings (predictable /tmp file paths and file permission issues, 3 CVEs) mailing-list

Open in Interactive Console →