Security Advisory
VanDyke Software VShell for Windows Remote Execution via Triggers
Risk assessment: Medium
Posted: February 1, 2022
Description
When a trigger action was configured to run a script, a user could use a maliciously crafted value that would be passed to the trigger and cause an arbitrary command to be launched on the VShell host machine.
Products Not Affected
- VShell for Windows: versions 4.6.3 and newer
- VShell for Unix, Linux, and Mac: all versions
Products Affected
- VShell for Windows: versions 4.6.2 and earlier
Recommended Solution
Upgrade to VShell 4.6.3 or newer on Windows
Vulnerability Fix Downloads
Revision History
February 1, 2022 – Security Advisory Published