CVE-2020-12651: SecureCRT Memory Corruption Vulnerability Alert

by ddos · May 16, 2020

A memory corruption vulnerability (CVE-2020-12651) was fixed in the latest version 8.7.2 of SecureCRT. When the CSI function receives a large negative number as a parameter, it may allow the remote system to destroy the memory in the terminal process, resulting in the execution of arbitrary code or the program crashes. An attacker may exploit this vulnerability in a manner similar to the SSH banner. CVE-2020-12651

Affected version

SecureCRT Version < 8.7.2

Unaffected version

SecureCRT Version >= 8.7.2

Solution

Users should update SecureCRT to the Unaffected version. In addition, for hosts that cannot be fully trusted, avoid using terminal emulation software to connect, and beware of malicious hosts using vulnerabilities in terminal emulation software to harm the host.

CVE-2020-12651: SecureCRT Memory Corruption Vulnerability Alert

Affected version

Unaffected version

Solution

Search

Brilliantly

Content & Links