Unauthenticated Remote Command Execution in Mobatek MobaXterm 10.4

Unauthenticated Remote Command Execution in Mobatek MobaXterm 10.4

CVE-2017-15376 · CRITICAL Severity

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

The TELNET service in Mobatek MobaXterm 10.4 does not require authentication, which allows remote attackers to execute arbitrary commands via TCP port 23.

Learn more about our Web Application Penetration Testing UK.