CVE-2024-23749

HIGH

9bis/kitty < 0.76.1.13 - Command Injection via Filename Variable

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2024-23749. PoCs published by DEFCESCO.

AI-analyzed exploit summary This exploit leverages a command injection vulnerability in KiTTY 0.76.1.13 by crafting a malicious escape sequence that executes a PowerShell payload when processed by the terminal emulator. The payload is a bind shell that listens on a specified port for remote command execution.

Description

KiTTY versions 0.76.1.13 and before is vulnerable to command injection via the filename variable, occurs due to insufficient input sanitization and validation, failure to escape special characters, and insecure system calls (at lines 2369-2390). This allows an attacker to add inputs inside the filename variable, leading to arbitrary code execution.

Exploits (1)

exploitdb WORKING POC

by DEFCESCO · pythonlocalwindows

https://www.exploit-db.com/exploits/51892

View Code ZIP pw:eip

This exploit leverages a command injection vulnerability in KiTTY 0.76.1.13 by crafting a malicious escape sequence that executes a PowerShell payload when processed by the terminal emulator. The payload is a bind shell that listens on a specified port for remote command execution.

Classification

Working Poc 95%

Attack Type

Rce

Complexity

Moderate

Reliability

Reliable

Target: KiTTY ≤ 0.76.1.13

No auth needed

Prerequisites: Victim must open a malicious file or receive the escape sequence via terminal input

MITRE ATT&CK

T1059.001 - PowerShell T1190 - Exploit Public-Facing Application

devstral-2 · analyzed Feb 18, 2026 Full analysis →

References (4)

Core 4

Core References

Exploit, Third Party Advisory, VDB Entry

http://packetstormsecurity.com/files/177031/KiTTY-0.76.1.13-Command-Injection.html

Exploit, Third Party Advisory

https://blog.defcesco.io/CVE-2024-23749

Exploit, Mailing List, Third Party Advisory mailing-list

http://seclists.org/fulldisclosure/2024/Feb/13

Exploit, Mailing List, Third Party Advisory mailing-list

http://seclists.org/fulldisclosure/2024/Feb/14

Scores

CVSS v3 7.8

EPSS 0.0469

EPSS Percentile 90.6%

Attack Vector LOCAL

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment

Exploitation poc

Automatable no

Technical Impact total

Details

CWE

CWE-77

Status published

Products (1)

9bis/kitty < 0.76.1.13

Published Feb 09, 2024

Tracked Since Feb 18, 2026