Clipboard Mismanagement Vulnerability in PuTTY Affects User Sessions
CVE-2019-17068

7.5HIGH

Key Information:

Vendor

Putty

Status
Putty
Vendor
CVE Published:
1 October 2019

What is CVE-2019-17068?

PuTTY versions prior to 0.73 have a vulnerability where the 'bracketed paste mode' protection mechanism is improperly handled. This allows for potential exploitation via malicious clipboard content, which may compromise the integrity of user sessions. Users may unknowingly execute harmful commands or scripts, leading to unauthorized actions within their terminal sessions. It is crucial for users to update to a secured version of PuTTY to protect against this vulnerability.

References

https://lists.tartarus.org/pipermail/putty-announce/2019/...
x_refsource_MISC
http://lists.opensuse.org/opensuse-security-announce/2019...
vendor-advisoryx_refsource_SUSE
http://lists.opensuse.org/opensuse-security-announce/2019...
vendor-advisoryx_refsource_SUSE

CVSS V3.1

Score:
7.5
Severity:
HIGH
Confidentiality:
None
Integrity:
High
Availability:
None
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.