CVE-2024-57061
📋 TL;DR
This vulnerability allows a physically proximate attacker to execute arbitrary code on Termius installations due to insufficient Electron Fuses configuration. It affects Termius versions 9.9.0 through 9.16.0. Attackers need physical access to the device to exploit this.
💻 Affected Systems
- Termius
⚠️ Manual Verification Required
This CVE does not have specific version information in our database, so automatic vulnerability detection cannot determine if your system is affected.
Why? The CVE database entry doesn't specify which versions are vulnerable (no version ranges provided by the vendor/NVD).
- Review the CVE details at NVD
- Check vendor security advisories for your specific version
- Test if the vulnerability is exploitable in your environment
- Consider updating to the latest version as a precaution
⚠️ Risk & Real-World Impact
Worst Case
Full system compromise with attacker gaining complete control over the device, potentially leading to data theft, credential harvesting, and lateral movement within the network.
Likely Case
Local privilege escalation allowing attacker to execute code with Termius privileges, potentially accessing stored SSH keys, credentials, and sensitive configuration data.
If Mitigated
Limited impact if proper physical security controls prevent unauthorized access to devices running Termius.
🎯 Exploit Status
Exploitation requires physical access to the device. The vulnerability is well-documented with public proof-of-concept references available.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Version 9.17.0 or later
Vendor Advisory: https://sha999.medium.com/cve-2024-57061-termius-insufficient-electron-fuses-configuration-limited-disclosure-ab00d0970159
Restart Required: Yes
Instructions:
1. Open the Termius application.
2. Check for updates via the application menu.
3. Install version 9.17.0 or later.
4. Restart Termius to apply the fix.
🔧 Temporary Workarounds
Disable Termius Auto-start
Prevent Termius from running automatically to reduce attack surface
systemctl --user disable termius.service
launchctl unload ~/Library/LaunchAgents/com.termius.agent.plist
Restrict Physical Access
Implement physical security controls to prevent unauthorized device access
🧯 If You Can't Patch
- Uninstall Termius from devices where physical security cannot be guaranteed
- Implement strict physical access controls and device locking policies
🔍 How to Verify
Check if Vulnerable:
Check Termius version in application settings or via 'termius --version' command. If version is between 9.9.0 and 9.16.0 inclusive, the system is vulnerable.
Check Version:
termius --version
Verify Fix Applied:
Verify Termius version is 9.17.0 or later. Check that Electron Fuses configuration includes proper security settings as documented in Electron security guides.
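The fuse check above can be done by reading the fuse wire that Electron embeds in its binary after a fixed sentinel string. This is an added example, not code from Termius or the advisory; the page does not say which fuses were affected, so the HARDENED expectations are an assumption taken from Electron's general hardening guidance, and the sample bytes are constructed.

```python
import sys

# Sentinel and wire layout as used by the @electron/fuses tooling:
# SENTINEL, 1 byte wire version, 1 byte length, then one state byte per fuse.
SENTINEL = b"dL7pKGdnNz796PbbjQWNKmHXBZaB9tsX"
FUSE_NAMES = [
    "RunAsNode", "EnableCookieEncryption", "EnableNodeOptionsEnvironmentVariable",
    "EnableNodeCliInspectArguments", "EnableEmbeddedAsarIntegrityValidation",
    "OnlyLoadAppFromAsar", "LoadBrowserProcessSpecificV8Snapshot",
    "GrantFileProtocolExtraPrivileges",
]
STATES = {0x30: "disabled", 0x31: "enabled", 0x72: "removed", 0x90: "inherit"}
# Assumption: expected values follow Electron's hardening guidance, not the advisory.
HARDENED = {
    "RunAsNode": "disabled",
    "EnableNodeOptionsEnvironmentVariable": "disabled",
    "EnableNodeCliInspectArguments": "disabled",
    "EnableEmbeddedAsarIntegrityValidation": "enabled",
    "OnlyLoadAppFromAsar": "enabled",
}

def read_fuses(blob: bytes) -> dict:
    """Return {fuse name: state} parsed from the bytes of an Electron binary."""
    pos = blob.find(SENTINEL)
    if pos < 0:
        raise ValueError("fuse sentinel not found (not an Electron binary?)")
    wire = pos + len(SENTINEL)
    if wire + 2 > len(blob):
        raise ValueError("truncated fuse header")
    version, length = blob[wire], blob[wire + 1]
    if version != 1:
        raise ValueError(f"unsupported fuse wire version {version}")
    states = blob[wire + 2 : wire + 2 + length]
    if len(states) != length:
        raise ValueError("truncated fuse wire")
    return {(FUSE_NAMES[i] if i < len(FUSE_NAMES) else f"fuse_{i}"):
            STATES.get(b, "unknown") for i, b in enumerate(states)}

def weak_fuses(fuses: dict) -> list:
    """Names of fuses whose state differs from HARDENED (absent fuses count as weak)."""
    return sorted(n for n, want in HARDENED.items() if fuses.get(n, "missing") != want)

# Constructed sample bytes: a fuse wire carrying Electron's default states.
SAMPLE_DEFAULT = b"\x00pad" + SENTINEL + bytes([1, 8]) + b"10110001" + b"tail"

if __name__ == "__main__":
    # Pass the path of the binary to audit; with no argument the sample is used.
    data = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else SAMPLE_DEFAULT
    for name in weak_fuses(read_fuses(data)):
        print("not hardened:", name)
```

On macOS the sentinel normally sits in the Electron Framework binary inside the app bundle rather than in the launcher executable, so point the script at that file.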
📡 Detection & Monitoring
Log Indicators:
- Unusual process execution from Termius context
- Suspicious child processes spawned by Termius
- Unexpected file modifications in Termius directories
Network Indicators:
- Unexpected outbound connections from Termius process
- SSH connections to unusual destinations
SIEM Query:
process_name:"Termius" AND (process_child_count > 5 OR process_command_line:"inject" OR process_command_line:"fuse")
🔗 References
- https://book.hacktricks.xyz/macos-hardening/macos-security-and-privilege-escalation/macos-proces-abuse/macos-electron-applications-injection
- https://sha999.medium.com/cve-2024-57061-termius-insufficient-electron-fuses-configuration-limited-disclosure-ab00d0970159
- https://www.electron.build/tutorials/adding-electron-fuses.html