CVE-2015-7244
MobaXterm < 8.2 - Unauthenticated Remote Command Execution via X11 Connection
Title source: llmDescription
The default configuration of the server in MobaXterm before 8.3 has a disabled Access Control setting and consequently does not require authentication for X11 connections, which allows remote attackers to execute arbitrary commands or obtain sensitive information via X11 packets.
References (3)
Core 3
Core References
Patch, Vendor Advisory x_refsource_confirm
http://blog.mobatek.net/post/mobaxterm-new-release-8.3/
Various Sources x_refsource_misc
http://www.securifera.com/advisories/cve-2015-7244
Third Party Advisory, US Government Resource third-party-advisory
x_refsource_cert-vn
http://www.kb.cert.org/vuls/id/316888
Scores
EPSS
0.0505
EPSS Percentile
91.3%
Details
CWE
CWE-284
Status
published
Products (1)
mobatek/mobaxterm
< 8.2
Published
Nov 04, 2015
Tracked Since
Feb 18, 2026