Fri. May 29th, 2020

CVE-2020-12651: SecureCRT Memory Corruption Vulnerability Alert


A memory corruption vulnerability (CVE-2020-12651) was fixed in SecureCRT 8.7.2, the latest version. When a CSI function receives a large negative number as a parameter, the remote system may be able to corrupt memory in the terminal process, resulting in arbitrary code execution or a program crash. An attacker may exploit this vulnerability in a manner similar to the SSH banner.

Affected version

  • SecureCRT Version < 8.7.2

Unaffected version

  • SecureCRT Version >= 8.7.2

Solution

Users should update SecureCRT to an unaffected version. In addition, avoid using terminal emulation software to connect to hosts that cannot be fully trusted, and beware of malicious hosts exploiting vulnerabilities in terminal emulation software to harm the user's machine.
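
A check a defender could run over captured session output or logs from hosts that are not fully trusted, flagging CSI sequences whose numeric parameters carry a minus sign or are implausibly large. This is an added example, not code from the advisory or from the SecureCRT vendor; the function name `suspicious_csi`, the 65535 ceiling and the sample bytes are assumptions constructed for illustration, and the advisory does not say which CSI function is affected.

```python
import re

# 7-bit CSI per ECMA-48: ESC [ , parameter bytes, intermediate bytes, final byte.
# '-' (0x2D) is formally an intermediate byte; it is allowed in the parameter
# group here so that a minus sign in front of a number is captured for inspection.
CSI_RE = re.compile(rb"\x1b\[([0-9:;<=>?\-]*)([\x20-\x2f]*)([\x40-\x7e])")

MAX_PARAM = 65535  # assumed ceiling; tune to what your terminals legitimately use


def suspicious_csi(data: bytes, max_param: int = MAX_PARAM):
    """Return (offset, sequence, reason) for each CSI sequence with a
    negative or out-of-range numeric parameter."""
    findings = []
    max_digits = len(str(max_param))
    for m in CSI_RE.finditer(data):
        params = m.group(1).lstrip(b"<=>?")  # drop private-mode prefix
        for field in re.split(rb"[;:]", params):
            digits = field.lstrip(b"0")
            if b"-" in field:
                reason = "minus sign in parameter"
            elif field.isdigit() and (
                # compare lengths first so huge digit runs never reach int()
                len(digits) > max_digits or int(digits or b"0") > max_param
            ):
                reason = f"parameter exceeds {max_param}"
            else:
                continue  # empty (default) or in-range field
            findings.append((m.start(), m.group(0), reason))
            break  # one finding per sequence is enough
    return findings


# Constructed sample of terminal output; not a reproducer for the CVE.
SAMPLE = (
    b"\x1b[1;32mWelcome\x1b[0m\r\n"   # ordinary colour change
    b"\x1b[10;20H"                    # ordinary cursor position
    b"\x1b[-2147483648A"              # parameter with a minus sign
    b"\x1b[4294967295;1H"             # oversized parameter
)

if __name__ == "__main__":
    for offset, seq, reason in suspicious_csi(SAMPLE):
        print(f"offset {offset}: {seq!r} -> {reason}")
```

A hit is a reason to inspect the session and confirm the client is on 8.7.2 or later, not proof of an exploitation attempt.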