CVE-2015-7244

MobaXterm < 8.2 - Unauthenticated Remote Command Execution via X11 Connection

Title source: llm
STIX 2.1

Description

The default configuration of the server in MobaXterm before 8.3 has a disabled Access Control setting and consequently does not require authentication for X11 connections, which allows remote attackers to execute arbitrary commands or obtain sensitive information via X11 packets.

References (3)

Core 3
Core References
Patch, Vendor Advisory x_refsource_confirm
http://blog.mobatek.net/post/mobaxterm-new-release-8.3/
Various Sources x_refsource_misc
http://www.securifera.com/advisories/cve-2015-7244
Third Party Advisory, US Government Resource third-party-advisory x_refsource_cert-vn
http://www.kb.cert.org/vuls/id/316888

Scores

EPSS 0.0505
EPSS Percentile 91.3%

Details

CWE
CWE-284
Status published
Products (1)
mobatek/mobaxterm < 8.2
Published Nov 04, 2015
Tracked Since Feb 18, 2026