Base Score

HIGH8.8

CVE-2022-36633

Teleport 9.3.6 is vulnerable to Command injection leading to Remote Code Execution. An attacker can craft a malicious ssh agent installation link by URL encoding a bash escape with carriage return line feed. This url encoded payload can be used in place of a token and sent to a user in a social engineering attack. This is fully unauthenticated attack utilizing the trusted teleport server to deliver the payload.

VectorNETWORK

Published Bycve@mitre.org

Published DateAug 24, 2022, 13:15

Affected Versions(3)

github.com/gravitational/teleport(Go)

Introduced0

Fixed8.3.17

LimitN/A

github.com/gravitational/teleport(Go)

Introduced9.0.0

Fixed9.3.13

LimitN/A

github.com/gravitational/teleport(Go)

Introduced10.0.0

Fixed10.1.2

LimitN/A

Package (Ecosystem)	Introduced	Fixed	Limit
github.com/gravitational/teleport(Go)	0	8.3.17	N/A
github.com/gravitational/teleport(Go)	9.0.0	9.3.13	N/A
github.com/gravitational/teleport(Go)	10.0.0	10.1.2	N/A

Weakness Type (CWE):CWE-78

CVSS Metrics

Base Score

8.8

Vector String

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Base Severity

HIGH

Version

3.1

Attack Vector (AV)

NETWORK

Attack Complexity (AC)

LOW

Privileges Required (PR)

NONE

User Interaction (UI)

REQUIRED

Scope (S)

UNCHANGED

Confidentiality (C)

HIGH

Integrity (I)

HIGH

Availability (A)

HIGH

References

Base Score

HIGH8.8

Weakness Type (CWE):CWE-78

CVSS Metrics

Base Score

8.8

Vector String

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Base Severity

HIGH

Version

3.1

Attack Vector (AV)

NETWORK

Attack Complexity (AC)

LOW

Privileges Required (PR)

NONE

User Interaction (UI)

REQUIRED

Scope (S)

UNCHANGED

Confidentiality (C)

HIGH

Integrity (I)

HIGH

Availability (A)

HIGH