CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0CVE-2020-13661
https://notcve.org/view.php?id=CVE-2020-13661
Telerik Fiddler through 5.0.20202.18177 allows attackers to execute arbitrary programs via a hostname with a trailing space character, followed by --utility-and-browser --utility-cmd-prefix= and the pathname of a locally installed program. The victim must interactively choose the Open On Browser option. Fixed in version 5.0.20204. Telerik Fiddler versiones hasta 5.0.20202.18177, permite a atacantes ejecutar programas arbitrarios por medio de un nombre de host con un carácter de espacio final, seguido de --utility-and-browser --utility-cmd-prefix= y el nombre de ruta de un programa instalado localmente. La víctima debe elegir interactivamente la opción Open On Browser. • https://www.nagenrauft-consulting.com/blog https://www.telerik.com/support/whats-new/fiddler/release-history/fiddler-v5.0.20204 https://www.telerik.com/support/whats-new/release-history •