CVE-2022-36633
Published: 24 August 2022
Summary
CVE-2022-36633 is a high-severity OS Command Injection (CWE-78) vulnerability in Goteleport Teleport. Its CVSS base score is 8.8 (High).
Operationally, ranked in the top 3.2% of CVEs by exploit likelihood; it is not currently listed in the CISA KEV catalog; a public proof-of-concept is referenced.
Deeper analysis
Teleport 9.3.6 contains a command-injection vulnerability, tracked as CVE-2022-36633 and assigned CWE-78, that permits remote code execution. The flaw resides in the handling of SSH agent installation links; an attacker can supply a URL-encoded bash escape sequence containing carriage-return line-feed characters in place of a legitimate token.
An unauthenticated attacker can deliver the crafted link through a social-engineering message that leverages the trusted Teleport server as the delivery channel. Successful exploitation grants the attacker the ability to execute arbitrary commands on the victim system with the privileges of the Teleport process, corresponding to the CVSS 8.8 rating that reflects network attack vector, low complexity, and high impact on confidentiality, integrity, and availability.
Public references consist primarily of exploit artifacts published on Packet Storm and the upstream Teleport GitHub repository; no explicit patch or mitigation guidance is supplied in the available references. The associated EPSS score has reached a peak of 0.3162 with a current value of 0.3029.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2022-6495
Vulnerability details
Teleport 9.3.6 is vulnerable to Command injection leading to Remote Code Execution. An attacker can craft a malicious ssh agent installation link by URL encoding a bash escape with carriage return line feed. This url encoded payload can be used…
more
in place of a token and sent to a user in a social engineering attack. This is fully unauthenticated attack utilizing the trusted teleport server to deliver the payload.
- CWE(s)
Related Threats
No named actor attribution yet. ATT&CK technique mapping in progress for this CVE.
Affected Assets
Mitigating Controls
Likely Mitigating Controls AI
Per-CVE control mapping for this CVE has not run yet; the list below is derived from the weakness types (CWEs) cited in the NVD entry.