VanDyke Software

Security Advisory

Got a question or comment?   Send us a question or comment

Security Advisory

VanDyke Software VShell for Windows Remote Execution via Triggers

Risk assessment: Medium

Posted: February 1, 2022

Description

When a trigger action was configured to run a script, a user could use a maliciously crafted value that would be passed to the trigger and cause an arbitrary command to be launched on the VShell host machine.

Products Not Affected

  • VShell for Windows: versions 4.6.3 and newer
  • VShell for Unix, Linux, and Mac: all versions

Products Affected

  • VShell for Windows: versions 4.6.2 and earlier

Recommended Solution

Upgrade to VShell 4.6.3 or newer on Windows

Vulnerability Fix Downloads

VShell for Windows 4.6.3 or later

Revision History

February 1, 2022 – Security Advisory Published

Related Links

VanDyke Software uses cookies to give you the best online experience. Before continuing to use this site, please confirm that you agree to our use of cookies. Please see our Cookie Usage for details.