Certain BSD-based Telnet clients, including those used on Solaris and SuSE Linux, allow remote malicious Telnet servers to read sensitive environment variables via the NEW-ENVIRON option with a SEND ENV_USERVAR command.

Threat-Mapped Scoring

Score: 0.0

Priority: Unclassified

EPSS

Score: 0.10248
Percentile: 0.92798

CVSS Scoring

Affected Products

• cpe:2.3:a:microsoft:telnet_client:5.1.2600.2180:*:*:*:*:*:*:*
• cpe:2.3:a:mit:kerberos_5:1.3.4:*:*:*:*:*:*:*
• cpe:2.3:o:sun:sunos:5.9:*:*:*:*:*:*:*

← Back to Home