{"id": "CVE-2019-9535", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 10.0, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "authentication": "NONE", "integrityImpact": "COMPLETE", "accessComplexity": "LOW", "availabilityImpact": "COMPLETE", "confidentialityImpact": "COMPLETE"}, "acInsufInfo": false, "impactScore": 10.0, "baseSeverity": "HIGH", "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 9.8, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 3.9}]}, "published": "2019-10-09T20:15:33.363", "references": [{"url": "https://blog.mozilla.org/security/2019/10/09/iterm2-critical-issue-moss-audit/", "tags": ["Exploit", "Third Party Advisory"], "source": "cret@cert.org"}, {"url": "https://groups.google.com/forum/#%21topic/iterm2-discuss/57k_AuLdQa4", "source": "cret@cert.org"}, {"url": "https://kb.cert.org/vuls/id/763073/", "tags": ["Third Party Advisory", "US Government Resource"], "source": "cret@cert.org"}, {"url": "https://blog.mozilla.org/security/2019/10/09/iterm2-critical-issue-moss-audit/", "tags": ["Exploit", "Third Party Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://groups.google.com/forum/#%21topic/iterm2-discuss/57k_AuLdQa4", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://kb.cert.org/vuls/id/763073/", "tags": ["Third Party Advisory", "US Government Resource"], "source": 
"af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Secondary", "source": "cret@cert.org", "description": [{"lang": "en", "value": "CWE-349"}]}, {"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-74"}]}], "descriptions": [{"lang": "en", "value": "A vulnerability exists in the way that iTerm2 integrates with tmux's control mode, which may allow an attacker to execute arbitrary commands by providing malicious output to the terminal. This affects versions of iTerm2 up to and including 3.3.5. This vulnerability may allow an attacker to execute arbitrary commands on their victim's computer by providing malicious output to the terminal. It could be exploited using command-line utilities that print attacker-controlled content."}, {"lang": "es", "value": "Se presenta una vulnerabilidad en la manera en que iTerm2 se integra con el modo de control de tmux, lo que puede permitir a un atacante ejecutar comandos arbitrarios al proporcionar una salida maliciosa al terminal. Esto afecta a versiones de iTerm2 hasta 3.3.5 incluy\u00e9ndola. Esta vulnerabilidad puede permitir a un atacante ejecutar comandos arbitrarios en la computadora de su v\u00edctima al proporcionar una salida maliciosa al terminal. Podr\u00eda ser explotada utilizando recursos de la l\u00ednea de comandos que imprimen contenido controlado por el atacante."}], "lastModified": "2024-11-21T04:51:48.433", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:iterm2:iterm2:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "E1132D3C-F86C-4FC1-ABF4-E1B43EB206F9", "versionEndIncluding": "3.3.5"}], "operator": "OR"}]}], "sourceIdentifier": "cret@cert.org"}