Moderate
iTerm2 with tmux integration is vulnerable to remote command execution
CVE ID
AttackerKB requires a CVE ID in order to pull vulnerability data and references from the CVE list and the National Vulnerability Database. If available, please supply below:
Add References:
iTerm2 with tmux integration is vulnerable to remote command execution
MITRE ATT&CK
Collection
Command and Control
Credential Access
Defense Evasion
Discovery
Execution
Exfiltration
Impact
Initial Access
Lateral Movement
Persistence
Privilege Escalation
Topic Tags
Description
A vulnerability exists in the way that iTerm2 integrates with tmux’s control mode, which may allow an attacker to execute arbitrary commands by providing malicious output to the terminal. This affects versions of iTerm2 up to and including 3.3.5. This vulnerability may allow an attacker to execute arbitrary commands on their victim’s computer by providing malicious output to the terminal. It could be exploited using command-line utilities that print attacker-controlled content.
Add Assessment
Ratings
-
Attacker ValueMedium
-
ExploitabilityVery Low
Technical Analysis
It’s probably just as important to choose terminal emulators that have minimal feature sets if you are doing administration work in the first place. iTerm2 in particular has a lot of features that are internally labeled as insecure, so it probably makes sense to evaluate if you are actually using those features and if you need them.
A maybe growing thread on exploitation: https://twitter.com/TheColonial/status/1182032288785166336
Also here’s where to disable some of the other features by answering ‘Yes’ to this setting.
Would you also like to delete your Exploited in the Wild Report?
Delete Assessment Only Delete Assessment and Exploited in the Wild ReportCVSS V3 Severity and Metrics
General Information
References
Additional Info
Technical Analysis
Report as Emergent Threat Response
Report as Zero-day Exploit
Report as Exploited in the Wild
CVE ID
AttackerKB requires a CVE ID in order to pull vulnerability data and references from the CVE list and the National Vulnerability Database. If available, please supply below:
