Denial of Service Vulnerability in MobaXterm Product by Mobatek
CVE-2021-28847

7.5 HIGH

Key Information:

Vendor: Mobatek

Status
Vendor
CVE Published: 3 June 2021

What is CVE-2021-28847?

MobaXterm versions prior to 21.0 allow a remote server to cause a denial of service. By sending tab title change requests in rapid succession, the server triggers repeated calls to SetWindowTextA or SetWindowTextW in the client. These calls overload the Windows GUI, producing a noticeable hang and an unresponsive user interface.
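A general client-side mitigation for this class of issue is to coalesce title updates so the GUI call runs at a bounded rate regardless of how fast requests arrive. The sketch below is an added example, not Mobatek's fix or code from the advisory; the type and function names, the 100 ms interval, and the callback sink standing in for the real GUI call are assumptions.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define TITLE_MAX 256
#define MIN_INTERVAL_MS 100 /* assumed budget: at most 10 title updates/s */
typedef void (*title_sink)(const char *title, void *ctx);
typedef struct {
    title_sink sink; void *ctx;   /* in a Win32 client: wraps SetWindowTextW */
    uint64_t next_ms; int pending; /* earliest next update; title waiting? */
    char latest[TITLE_MAX];       /* newest requested title, truncated */
} title_throttle;

/* Call from a UI timer: pushes the newest title if the budget allows. */
void throttle_tick(title_throttle *t, uint64_t now_ms) {
    if (!t->pending) return;
    if (now_ms < t->next_ms) return;          /* too soon: stay pending */
    t->sink(t->latest, t->ctx);
    t->next_ms = now_ms + MIN_INTERVAL_MS;
    t->pending = 0;
}

/* Call for every title-change request parsed from the remote stream. */
void throttle_request(title_throttle *t, const char *title, uint64_t now_ms) {
    snprintf(t->latest, TITLE_MAX, "%s", title); /* overwrite: keep newest */
    t->pending = 1;
    throttle_tick(t, now_ms);
}

/* Constructed sink standing in for the GUI call: counts and records. */
typedef struct { unsigned calls; char last[TITLE_MAX]; } counting_sink;
static void count_title(const char *title, void *ctx) {
    counting_sink *c = ctx;
    c->calls++;
    snprintf(c->last, TITLE_MAX, "%s", title);
}

/* Constructed flood: n requests 1 ms apart, then one timer tick. */
unsigned simulate_flood(unsigned n, counting_sink *out) {
    title_throttle t = { .sink = count_title, .ctx = out };
    char title[32];
    *out = (counting_sink){0};
    for (unsigned i = 0; i < n; i++) {
        snprintf(title, sizeof title, "title-%u", i);
        throttle_request(&t, title, i);
    }
    throttle_tick(&t, (uint64_t)n + MIN_INTERVAL_MS);
    return out->calls;
}
```

With the constructed flood of 10,000 requests in 10 seconds, the sink is invoked 101 times and the last title shown is the last one requested.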

CVSS V3.1

Score: 7.5
Severity: HIGH
Confidentiality: None
Integrity: None
Availability: None
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved
