Fortiguard

Command Injection Vulnerability CVE-2019-16305 for Mobatek MobaXterm

Description

In MobaXterm 11.1 and 12.1, the protocol handler is vulnerable to command injection. A crafted link can trigger a popup asking whether the user wants to run MobaXterm to handle the link. If accepted, another popup appears asking for further confirmation. If this is also accepted, command execution is achieved.

Affected Applications

MobaXterm

CVE References

CVE-2019-16305

Other References

https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-16305

ID	4251
Created	Feb 23, 2022
Description Updated	Feb 23, 2022
Severity
Coverage	FortiClient
OS	Windows
Vendor	Mobatek
Patch	manual
Application	MobaXterm

Protect

Detect

Respond

Recover

Identify

Network Security

Endpoint Security

Application Security

Security Operations

FortiGate

FortiClient

FortiSandBox

FortiMail

FortiADC

FortiWeb

FortiCNP

FortiNDR

FortiDeceptor

FortiEDR

FortiAnalyzer

FortiTester

Threat Encyclopedia

Command Injection Vulnerability CVE-2019-16305 for Mobatek MobaXterm

Description

Affected Applications

CVE References

Other References

Telemetry

News/Research

Research Center

PSIRT Center

Services

By Outbreak

By Solution

By Product

Protect

Detect

Respond

Recover

Identify

Network Security

Endpoint Security

Application Security

Security Operations

FortiGate

FortiClient

FortiSandBox

FortiMail

FortiADC

FortiWeb

FortiCNP

FortiNDR

FortiDeceptor

FortiEDR

FortiAnalyzer

FortiTester

Threat Intelligence Center

Resource Center

About

About FortiGuard Labs

Partners

Threat Encyclopedia

Command Injection Vulnerability CVE-2019-16305 for Mobatek MobaXterm

Description

Affected Applications

CVE References

Other References

Telemetry

Threat Intelligence
Center