CVE-2023-46301

CVSS 3.1 Score 9.8 of 10 (high)

Details

Published Oct 22, 2023

Updated: Oct 31, 2023

CWE ID 116

Summary

CVE-2023-46301 is a newly disclosed vulnerability affecting iTerm2 version prior to 3.4.20. This issue permits potentially remote attackers to execute arbitrary code due to the terminal emulator's mishandling of specific escape sequences related to file uploads. An attacker could exploit this vulnerability by tricking a user into opening a malicious file or link, resulting in code execution within the iTerm2 session. Users are strongly advised to update their iTerm2 software to the latest version to mitigate this risk.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

iTerm2

Advisories, Assessments, and Mitigations

https://app.recordedfuture.com/live/sc/entity/tGA7I_
https://www.cve.org/CVERecord?id=CVE-2023-46301
https://nvd.nist.gov/vuln/detail/CVE-2023-46301

Back to Vulnerability Database

CVE-2023-46301

CVSS 3.1 Score 9.8 of 10 (high)

Details

Summary

Affected Products

Advisories, Assessments, and Mitigations