Lucene search
HistoryOct 03, 2022 - 4:14 p.m.
CVE-2013-4436
cve-2013-4436
salt
saltstack
ssh
host key
validation
remote attackers
mitm
nvd
9.3 High
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:M/Au:N/C:C/I:C/A:C
6.9 Medium
AI Score
Confidence
Low
0.002 Low
EPSS
Percentile
61.2%
The default configuration for salt-ssh in Salt (aka SaltStack) 0.17.0 does not validate the SSH host key of requests, which allows remote attackers to have unspecified impact via a man-in-the-middle (MITM) attack.
Affected configurations
Node
saltstacksaltMatch0.17.0
| CPE | Name | Operator | Version |
|---|---|---|---|
| saltstack:salt | saltstack salt | eq | 0.17.0 |
Related
github
github
SaltStack MITM SSH attack in salt-ssh
2022-05-17 04:58:29
prion
prion
Default configuration
2013-11-05 18:55:00
cvelist
cvelist
CVE-2013-4436
2022-10-03 16:14:57
debiancve
debiancve
CVE-2013-4436
2022-10-03 16:14:57
veracode
veracode
Man-in-the-Middle (MITM)
2024-05-06 04:53:53
nvd
nvd
CVE-2013-4436
2013-11-05 18:55:04
osv
osv
PYSEC-2013-26
2013-11-05 18:55:00
ubuntucve
ubuntucve
CVE-2013-4436
2013-11-05 00:00:00
fedora
fedora
[SECURITY] Fedora 20 Update: salt-0.17.1-1.fc20
2013-11-10 06:31:10
nessus
nessus
Fedora 20 : salt-0.17.1-1.fc20 (2013-19438)
2013-11-11 00:00:00
9.3 High
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:M/Au:N/C:C/I:C/A:C
6.9 Medium
AI Score
Confidence
Low
0.002 Low
EPSS
Percentile
61.2%
Related for CVE-2013-4436