A memory corruption vulnerability (CVE-2020-12651) was fixed in SecureCRT 8.7.2, the latest version. When a CSI function receives a large negative number as a parameter, the remote system may be able to corrupt memory in the terminal process, resulting in arbitrary code execution or a program crash. An attacker may exploit this vulnerability through means such as the SSH banner.
- Affected: SecureCRT version < 8.7.2
- Unaffected: SecureCRT version >= 8.7.2
Users should update SecureCRT to an unaffected version. In addition, avoid using terminal emulation software to connect to hosts that cannot be fully trusted, and beware of malicious hosts exploiting vulnerabilities in terminal emulation software to harm the host.
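The malformed input described above, a CSI sequence carrying a negative number, can be spotted in captured terminal data such as a saved banner or session log. This Python check is an added example, not code from the advisory or the vendor; `MAX_PARAM`, the function names and the sample bytes are assumptions constructed for illustration.

```python
import re

# Loose CSI matcher: ESC [ followed by any mix of parameter (0x30-0x3F) and
# intermediate (0x20-0x2F) bytes, then a final byte (0x40-0x7E). It is
# deliberately looser than ECMA-48 so that malformed sequences are captured.
CSI_RE = re.compile(rb"\x1b\[([\x20-\x3f]*)([\x40-\x7e])")
SIGNED_NUM_RE = re.compile(rb"-\d+")
MAX_PARAM = 9999  # assumed sanity bound, not a value from the advisory


def audit_csi(data: bytes):
    """Return (offset, raw_sequence, reason) for each suspicious CSI sequence."""
    findings = []
    for m in CSI_RE.finditer(data):
        body = m.group(1)
        if SIGNED_NUM_RE.search(body):
            # "-" is not a valid ECMA-48 parameter byte, so a signed number
            # in the parameter section is always malformed.
            findings.append((m.start(), m.group(0), "negative parameter"))
        elif any(int(n) > MAX_PARAM for n in re.findall(rb"\d+", body)):
            findings.append((m.start(), m.group(0), "oversized parameter"))
    return findings


def strip_suspicious(data: bytes) -> bytes:
    """Drop flagged sequences so the rest can be viewed or logged safely."""
    out, last = bytearray(), 0
    for off, raw, _ in audit_csi(data):
        out += data[last:off]
        last = off + len(raw)
    out += data[last:]
    return bytes(out)


# Constructed sample: a banner-like blob. The final byte "m" is arbitrary and
# is not claimed to be the function affected by CVE-2020-12651.
SAMPLE = (b"Welcome\r\n\x1b[1;32mok\x1b[0m\r\n"
          b"\x1b[-2147483648m" b"\x1b[5;123456789m" b"login: ")

if __name__ == "__main__":
    for off, raw, why in audit_csi(SAMPLE):
        print(off, raw, why)
```

A filter like this complements the update to 8.7.2 and does not replace it.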