Arbitrary Command Execution in Telerik Fiddler Tool by Progress Software
CVE-2020-13661

8.8HIGH

Key Information:

Vendor

Telerik

Status
Fiddler
Vendor
CVE Published:
5 November 2020

What is CVE-2020-13661?

The Telerik Fiddler tool, specifically in versions up to 5.0.20202.18177, is prone to a vulnerability that allows attackers to execute arbitrary programs when a user selects the 'Open On Browser' option. This issue arises when a crafted hostname containing a trailing space character is utilized, followed by specific command line parameters and a path to a locally installed application. Users are encouraged to update to version 5.0.20204 or later to mitigate this risk.

References

https://www.telerik.com/support/whats-new/release-history
x_refsource_MISC
https://www.nagenrauft-consulting.com/blog/
x_refsource_MISC
https://www.telerik.com/support/whats-new/fiddler/release...
x_refsource_MISC

CVSS V3.1

Score:
8.8
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.