Remote Code Execution via Command Injection in Teleport 9.3.6

Remote Code Execution via Command Injection in Teleport 9.3.6

CVE-2022-36633 · HIGH Severity

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Teleport 9.3.6 is vulnerable to Command injection leading to Remote Code Execution. An attacker can craft a malicious ssh agent installation link by URL encoding a bash escape with carriage return line feed. This url encoded payload can be used in place of a token and sent to a user in a social engineering attack. This is fully unauthenticated attack utilizing the trusted teleport server to deliver the payload.

Learn more about our Cis Benchmark Audit For Server Software.