Lucene search

[email protected]CVE-2014-8779

HistoryFeb 03, 2015 - 4:59 p.m.

CVE-2014-8779

2015-02-0316:59:00

CWE-254

[email protected]

web.nvd.nist.gov

pexip infinity

cve-2014-8779

ssh

man-in-the-middle attack

security vulnerability

6.6 Medium

AI Score

Confidence

Low

7.1 High

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

COMPLETE

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:C/A:N

0.001 Low

EPSS

Percentile

40.9%

JSON

Pexip Infinity before 8 uses the same SSH host keys across different customers’ installations, which allows man-in-the-middle attackers to spoof Management and Conferencing Nodes by leveraging these keys.

CPENameOperatorVersion
pexip:pexip_infinitypexip pexip infinityle7.0

CPE	Name	Operator	Version
pexip:pexip_infinity	pexip pexip infinity	le	7.0

References

packetstormsecurity.com/files/130174/Pexip-Infinity-Non-Unique-SSH-Host-Keys.html

www.pexip.com/sites/pexip/files/Pexip_Security_Bulletin_2015-01-02.pdf

www.securityfocus.com/archive/1/534576/100/0/threaded

www.securityfocus.com/bid/72359

6.6 Medium

AI Score

Confidence

Low

7.1 High

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

COMPLETE

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:C/A:N

0.001 Low

EPSS

Percentile

40.9%

JSON

Related for CVE-2014-8779

prion1 securityvulns2 cvelist1