Vulnerability Details CVE-2022-38337
When aborting an SFTP connection, MobaXterm before v22.1 sends a hardcoded password to the server. The server treats this as an invalid login attempt, which can result in a Denial of Service (DoS) for the user if services like fail2ban are used.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.002
EPSS Ranking 39.9%
CVSS Severity
CVSS v3 Score 9.1
Products affected by CVE-2022-38337
- cpe:2.3:a:mobatek:mobaxterm:-
- cpe:2.3:a:mobatek:mobaxterm:1.0
- cpe:2.3:a:mobatek:mobaxterm:10.0
- cpe:2.3:a:mobatek:mobaxterm:10.1
- cpe:2.3:a:mobatek:mobaxterm:10.2
- cpe:2.3:a:mobatek:mobaxterm:10.4
- cpe:2.3:a:mobatek:mobaxterm:10.5
- cpe:2.3:a:mobatek:mobaxterm:10.6
- cpe:2.3:a:mobatek:mobaxterm:10.7
- cpe:2.3:a:mobatek:mobaxterm:10.8
- cpe:2.3:a:mobatek:mobaxterm:10.9
- cpe:2.3:a:mobatek:mobaxterm:11.0
- cpe:2.3:a:mobatek:mobaxterm:11.1
- cpe:2.3:a:mobatek:mobaxterm:12.0
- cpe:2.3:a:mobatek:mobaxterm:12.1
- cpe:2.3:a:mobatek:mobaxterm:12.2
- cpe:2.3:a:mobatek:mobaxterm:12.3
- cpe:2.3:a:mobatek:mobaxterm:12.4
- cpe:2.3:a:mobatek:mobaxterm:2.0
- cpe:2.3:a:mobatek:mobaxterm:2.1
- cpe:2.3:a:mobatek:mobaxterm:2.2
- cpe:2.3:a:mobatek:mobaxterm:20.0
- cpe:2.3:a:mobatek:mobaxterm:20.1
- cpe:2.3:a:mobatek:mobaxterm:20.2
- cpe:2.3:a:mobatek:mobaxterm:20.3
- cpe:2.3:a:mobatek:mobaxterm:20.4
- cpe:2.3:a:mobatek:mobaxterm:20.5
- cpe:2.3:a:mobatek:mobaxterm:20.6
- cpe:2.3:a:mobatek:mobaxterm:21.0
- cpe:2.3:a:mobatek:mobaxterm:21.1
- cpe:2.3:a:mobatek:mobaxterm:21.2
- cpe:2.3:a:mobatek:mobaxterm:21.3
- cpe:2.3:a:mobatek:mobaxterm:21.4
- cpe:2.3:a:mobatek:mobaxterm:21.5
- cpe:2.3:a:mobatek:mobaxterm:22.0
- cpe:2.3:a:mobatek:mobaxterm:22.1
- cpe:2.3:a:mobatek:mobaxterm:22.2
- cpe:2.3:a:mobatek:mobaxterm:3.0
- cpe:2.3:a:mobatek:mobaxterm:3.2
- cpe:2.3:a:mobatek:mobaxterm:4.0
- cpe:2.3:a:mobatek:mobaxterm:4.2
- cpe:2.3:a:mobatek:mobaxterm:4.4
- cpe:2.3:a:mobatek:mobaxterm:4.5
- cpe:2.3:a:mobatek:mobaxterm:5.0
- cpe:2.3:a:mobatek:mobaxterm:5.1
- cpe:2.3:a:mobatek:mobaxterm:6.0
- cpe:2.3:a:mobatek:mobaxterm:6.1
- cpe:2.3:a:mobatek:mobaxterm:6.2
- cpe:2.3:a:mobatek:mobaxterm:6.3
- cpe:2.3:a:mobatek:mobaxterm:6.5
- cpe:2.3:a:mobatek:mobaxterm:6.6
- cpe:2.3:a:mobatek:mobaxterm:7.0
- cpe:2.3:a:mobatek:mobaxterm:7.1
- cpe:2.3:a:mobatek:mobaxterm:7.2
- cpe:2.3:a:mobatek:mobaxterm:7.3
- cpe:2.3:a:mobatek:mobaxterm:7.4
- cpe:2.3:a:mobatek:mobaxterm:7.5
- cpe:2.3:a:mobatek:mobaxterm:7.6
- cpe:2.3:a:mobatek:mobaxterm:7.7
- cpe:2.3:a:mobatek:mobaxterm:8.0
- cpe:2.3:a:mobatek:mobaxterm:8.1
- cpe:2.3:a:mobatek:mobaxterm:8.2
- cpe:2.3:a:mobatek:mobaxterm:8.3
- cpe:2.3:a:mobatek:mobaxterm:8.4
- cpe:2.3:a:mobatek:mobaxterm:8.5
- cpe:2.3:a:mobatek:mobaxterm:8.6
- cpe:2.3:a:mobatek:mobaxterm:9.0
- cpe:2.3:a:mobatek:mobaxterm:9.1
- cpe:2.3:a:mobatek:mobaxterm:9.2
- cpe:2.3:a:mobatek:mobaxterm:9.3
- cpe:2.3:a:mobatek:mobaxterm:9.4