CVE-2022-36633

Teleport 9.3.6 is vulnerable to Command injection leading to Remote Code Execution. An attacker can craft a malicious ssh agent installation link by URL encoding a bash escape with carriage return line feed. This url encoded payload can be used in place of a token and sent to a user in a social engineering attack. This is fully unauthenticated attack utilizing the trusted teleport server to deliver the payload.
OS Command Injection
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
8.8 HIGH
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
mitreCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 97%
VendorProductVersion
goteleportteleport
𝑥
< 10.1.2
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
http://packetstormsecurity.com/files/168477/Teleport-10.1.1-Remote-Code-Execution.html
https://github.com/gravitational/teleport
https://packetstormsecurity.com/files/168137/Teleport-9.3.6-Command-Injection.html
http://packetstormsecurity.com/files/168477/Teleport-10.1.1-Remote-Code-Execution.html
https://github.com/gravitational/teleport
https://packetstormsecurity.com/files/168137/Teleport-9.3.6-Command-Injection.html