Lucene search
HistoryOct 03, 2022 - 4:14 p.m.
CVE-2013-4436
cve-2013-4436
salt
saltstack
ssh
host key
validation
remote attackers
mitm
nvd
6.9 Medium
AI Score
Confidence
Low
9.3 High
CVSS2
Access Vector
Access Complexity
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:M/Au:N/C:C/I:C/A:C
0.002 Low
EPSS
Percentile
60.9%
The default configuration for salt-ssh in Salt (aka SaltStack) 0.17.0 does not validate the SSH host key of requests, which allows remote attackers to have unspecified impact via a man-in-the-middle (MITM) attack.
Affected configurations
Node
saltstacksaltMatch0.17.0
| CPE | Name | Operator | Version |
|---|---|---|---|
| saltstack:salt | saltstack salt | eq | 0.17.0 |
Related
github
github
SaltStack MITM SSH attack in salt-ssh
2022-05-17 04:58:29
veracode
veracode
Man-in-the-Middle (MITM)
2024-05-06 04:53:53
prion
prion
Default configuration
2013-11-05 18:55:00
debiancve
debiancve
CVE-2013-4436
2022-10-03 16:14:57
cvelist
cvelist
CVE-2013-4436
2022-10-03 16:14:57
nvd
nvd
CVE-2013-4436
2013-11-05 18:55:04
osv
osv
PYSEC-2013-26
2013-11-05 18:55:00
ubuntucve
ubuntucve
CVE-2013-4436
2013-11-05 00:00:00
fedora
fedora
[SECURITY] Fedora 20 Update: salt-0.17.1-1.fc20
2013-11-10 06:31:10
nessus
nessus
Fedora 20 : salt-0.17.1-1.fc20 (2013-19438)
2013-11-11 00:00:00
6.9 Medium
AI Score
Confidence
Low
9.3 High
CVSS2
Access Vector
Access Complexity
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:M/Au:N/C:C/I:C/A:C
0.002 Low
EPSS
Percentile
60.9%
Related for CVE-2013-4436