vulnerability
SUSE: CVE-2022-24950: SUSE Linux Security Advisory
| Severity | CVSS | Published | Added | Modified |
|---|---|---|---|---|
| 9 | (AV:N/AC:M/Au:S/C:C/I:C/A:C) | Aug 16, 2022 | Nov 3, 2022 | Jan 28, 2025 |
Severity
9
CVSS
(AV:N/AC:M/Au:S/C:C/I:C/A:C)
Published
Aug 16, 2022
Added
Nov 3, 2022
Modified
Jan 28, 2025
Description
A race condition exists in Eternal Terminal prior to version 6.2.0 that allows an authenticated attacker to hijack other users' SSH authorization socket, enabling the attacker to login to other systems as the targeted users. The bug is in UserTerminalRouter::getInfoForId().
Solution
suse-upgrade-eternalterminal
Rapid7 Labs
2026 Global Threat Landscape Report
The predictive window has collapsed. Exploitation follows disclosure in days. See how attackers are accelerating and how to stay ahead.