CVE-2024-38396

CVSS 9.8 CRITICALEPSS 1.7%CWE-94

Vexday Risk Score

48Attention

SSVC decision (CISA)

Attend

PoC available → attend closely

CVSS 9.8EPSS 1.7%KEV nãoPoC públicaNuclei —Metasploit —Patch —

Lifecycle

16 Jun 2024Published on NVD

16 Jun 2024Public PoC

Recommendation: Plan a near-term fix — a public PoC already exists.

An issue was discovered in iTerm2 3.5.x before 3.5.2. Unfiltered use of an escape sequence to report a window title, in combination with the built-in tmux integration feature (enabled by default), allows an attacker to inject arbitrary code into the terminal, a different vulnerability than CVE-2024-38395.

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Affected products

n/a · n/a

public PoCs found — 1

githubgithub.com/vin01/poc-cve-2024-38396★ 19

⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →

References

https://gitlab.com/gnachman/iterm2/-/commit/fc60236a914d63fb70a5c632e211203a4f1bd4dd https://iterm2.com/downloads.html https://vin01.github.io/piptagole/escape-sequences/iterm2/rce/2024/06/16/iterm2-rce-window-title-tmux-integration.html http://www.openwall.com/lists/oss-security/2024/06/17/1