CVE-2020-12651: SecureCRT Memory Corruption Vulnerability Alert
A memory corruption vulnerability (CVE-2020-12651) was fixed in SecureCRT 8.7.2, the latest version. When the CSI function receives a large negative number as a parameter, the remote system may be able to corrupt memory in the terminal process, resulting in arbitrary code execution or a program crash. An attacker may exploit this vulnerability in a manner similar to the SSH banner.
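The bug class described above, as an added example that is not SecureCRT's code: an unchecked CSI parameter parser that can hand its caller a large negative number, next to a checked parser and a clamped consumer. All function names, the `CSI_PARAM_MAX` cap and the sample parameter are assumptions made for illustration; how SecureCRT itself parses parameters is not described in the advisory.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define CSI_PARAM_MAX 9999 /* assumed cap, far above any real screen size */

/* Unchecked: accepts a sign and wraps silently, so the caller can receive
 * a large negative number (the final conversion wraps on GCC/Clang/MSVC). */
int32_t csi_param_unchecked(const char *s, size_t len)
{
    uint32_t v = 0;
    size_t i;
    int neg = (len > 0 && s[0] == '-');
    for (i = neg ? 1 : 0; i < len && s[i] >= '0' && s[i] <= '9'; i++)
        v = v * 10u + (uint32_t)(s[i] - '0');
    return (int32_t)(neg ? 0u - v : v);
}

/* Checked: digits only, saturates at CSI_PARAM_MAX. Returns 0 on success,
 * -1 if the parameter is malformed (the whole sequence should be dropped). */
int csi_param_checked(const char *s, size_t len, int32_t *out)
{
    int32_t v = 0;
    for (size_t i = 0; i < len; i++) {
        if (s[i] < '0' || s[i] > '9')
            return -1;
        v = v * 10 + (s[i] - '0'); /* v <= 9999 here, so no overflow */
        if (v > CSI_PARAM_MAX)
            v = CSI_PARAM_MAX;
    }
    *out = v;
    return 0;
}

/* Row after "cursor up n": always a valid index into a buffer of `rows`
 * lines, whatever n is. 64-bit math avoids overflow in row - n. */
int32_t row_after_cursor_up(int32_t row, int32_t n, int32_t rows)
{
    int64_t r = (int64_t)row - (n < 1 ? 1 : n);
    if (r < 0) r = 0;
    if (r >= rows) r = rows - 1;
    return (int32_t)r;
}

int main(void)
{
    int32_t n = 0;
    const char big[] = "-2147483648"; /* constructed sample parameter */
    printf("unchecked: %d\n", (int)csi_param_unchecked(big, sizeof big - 1));
    printf("checked rc: %d\n", csi_param_checked(big, sizeof big - 1, &n));
    return 0;
}
```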
Affected version
- SecureCRT Version < 8.7.2
Unaffected version
- SecureCRT Version >= 8.7.2
Solution
Users should update SecureCRT to an unaffected version. In addition, avoid using terminal emulation software to connect to hosts that cannot be fully trusted, and beware of malicious hosts exploiting vulnerabilities in terminal emulation software to harm the host.