Lucene search
MitreCVE-2018-15599HistoryAug 21, 2018 - 1:29 a.m.
CVE-2018-15599
2018-08-2101:29:00
CWE-200
mitre
web.nvd.nist.gov
120
cve-2018-15599
dropbear
user enumeration
vulnerability
ssh
nvd
CVSS2
5
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:N/AC:L/Au:N/C:P/I:N/A:N
CVSS3
5.3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
LOW
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
AI Score
5.8
Confidence
High
EPSS
0.024
Percentile
89.9%
The recv_msg_userauth_request function in svr-auth.c in Dropbear through 2018.76 is prone to a user enumeration vulnerability because username validity affects how fields in SSH_MSG_USERAUTH messages are handled, a similar issue to CVE-2018-15473 in an unrelated codebase.
Affected configurations
Node
debiandebian_linuxMatch8.0
Node
dropbear_ssh_projectdropbear_sshRange≤2018.76
| Vendor | Product | Version | CPE |
|---|---|---|---|
| debian | debian_linux | 8.0 | cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:* |
| dropbear_ssh_project | dropbear_ssh | * | cpe:2.3:a:dropbear_ssh_project:dropbear_ssh:*:*:*:*:*:*:*:* |
References
Related
alpinelinux
alpinelinux
CVE-2018-15599
2018-08-21 01:29:00
CVE-2018-15473
2018-08-17 19:29:00
openvas
openvas
Debian: Security Advisory (DLA-1476-1)
2018-09-02 00:00:00
Mageia: Security Advisory (MGASA-2018-0384)
2022-01-28 00:00:00
Huawei EulerOS: Security Advisory for openssh (EulerOS-SA-2019-1008)
2020-01-23 00:00:00
ubuntucve
ubuntucve
debian
debian
[SECURITY] [DLA 1476-1] dropbear security update
2018-08-27 13:34:31
[SECURITY] [DSA 4280-1] openssh security update
2018-08-22 06:23:19
[SECURITY] [DLA-1474-1] openssh security update
2018-08-21 17:17:47
osv
osv
CVE-2018-15599
2018-08-21 01:29:00
dropbear - security update
2018-08-24 00:00:00
signing-party-2.11-1.3 on GA media
2024-06-15 00:00:00
nvd
nvd
nessus
nessus
Debian DLA-1476-1 : dropbear security update
2018-08-28 00:00:00
EulerOS Virtualization 2.5.1 : openssh (EulerOS-SA-2018-1411)
2018-12-28 00:00:00
Fedora 28 : openssh (2018-065a7722ee)
2019-01-03 00:00:00
prion
prion
Design/Logic Flaw
2018-08-21 01:29:00
Design/Logic Flaw
2020-12-30 20:15:00
Design/Logic Flaw
2018-08-17 19:29:00
debiancve
debiancve
cvelist
cvelist
mageia
mageia
Updated dropbear packages fix security vulnerability
2018-09-21 19:26:22
Updated openssh packages fix security vulnerability
2018-09-01 00:11:59
redhatcve
redhatcve
CVE-2019-12953
2022-05-20 23:36:12
CVE-2018-15473
2018-08-20 01:49:24
cve
cve
CVE-2019-12953
2020-12-30 20:15:14
CVE-2018-15473
2018-08-17 19:29:00
suse
suse
Security update for openssh (moderate)
2018-11-30 00:08:46
Security update for ssh-audit (moderate)
2021-10-18 00:00:00
Security update for ssh-audit (moderate)
2021-10-21 00:00:00
ibm
ibm
veracode
veracode
Information Disclosure
2019-05-16 03:38:57
citrix
citrix
Citrix Hypervisor Security Update
2020-04-30 04:00:00
f5
f5
K28942395 : OpenSSH vulnerability CVE-2018-15473
2018-09-28 00:00:00
redhat
redhat
(RHSA-2019:2143) Low: openssh security, bug fix, and enhancement update
2019-08-06 08:06:09
(RHSA-2019:0711) Low: openssh security update
2019-04-09 06:48:22
packetstorm
packetstorm
OpenSSH User Enumeration
2018-12-05 00:00:00
SSH Username Enumeration
2024-09-01 00:00:00
exploitdb
exploitdb
OpenSSH < 7.7 - User Enumeration (2)
2018-12-04 00:00:00
OpenSSH 2.3 < 7.7 - Username Enumeration (PoC)
2018-08-16 00:00:00
OpenSSH 2.3 < 7.7 - Username Enumeration
2018-08-21 00:00:00
oraclelinux
oraclelinux
openssh security update
2019-04-10 00:00:00
openssh security, bug fix, and enhancement update
2019-08-13 00:00:00
centos
centos
openssh, pam_ssh_agent_auth security update
2019-08-30 03:49:22
openssh, pam_ssh_agent_auth security update
2019-04-12 13:56:07
checkpoint_advisories
checkpoint_advisories
OpenSSH sshd Username Information Disclosure (CVE-2018-15473)
2019-01-21 00:00:00
exploitpack
exploitpack
OpenSSH 7.7 - User Enumeration (2)
2018-12-04 00:00:00
OpenSSH 2.3 7.7 - Username Enumeration
2018-08-21 00:00:00
aix
aix
Vulnerabilities in OpenSSH affect AIX.
2018-10-24 11:28:50
fedora
fedora
[SECURITY] Fedora 28 Update: openssh-7.8p1-1.fc28
2018-08-30 04:59:02
[SECURITY] Fedora 27 Update: openssh-7.6p1-6.fc27
2018-09-13 17:06:58
gentoo
gentoo
OpenSSH: User enumeration vulnerability
2018-10-06 00:00:00
amazon
amazon
Low: openssh
2018-09-20 20:10:00
Low: openssh
2018-09-05 20:41:00
altlinux
altlinux
Security fix for the ALT Linux 8 package openssh version 7.2p2-alt2.M80P.2
2018-08-27 00:00:00
Security fix for the ALT Linux 8 package openssh version 7.2p2-alt2.M80P.1
2018-08-24 00:00:00
canvas
canvas
Immunity Canvas: SSH_ENUM
2018-08-17 19:29:00
zdt
zdt
OpenSSH 7.7 - Username Enumeration Exploit
2018-08-22 00:00:00
OpenSSH < 7.7 - User Enumeration Exploit (2)
2018-12-04 00:00:00
ubuntu
ubuntu
OpenSSH regression
2021-08-12 00:00:00
OpenSSH vulnerabilities
2018-11-06 00:00:00
cloudfoundry
cloudfoundry
USN-3809-1: OpenSSH vulnerabilities | Cloud Foundry
2018-11-20 00:00:00
USN-3809-2: OpenSSH regression | Cloud Foundry
2021-09-07 00:00:00
photon
photon
symantec
symantec
OpenSSH Vulnerabilities Jan-Aug 2018
2018-11-29 08:01:01
metasploit
metasploit
SSH Username Enumeration
2014-11-11 20:59:41
githubexploit
githubexploit
Exploit for Race Condition in Openbsd Openssh
2024-07-01 20:45:53
Exploit for CVE-2014-4210
2022-03-19 01:54:15
Exploit for CVE-2014-4210
2022-03-19 01:54:15
ics
ics
Siemens SCALANCE X-200RNA Switch Devices
2022-12-19 12:00:00
oracle
oracle
Oracle Critical Patch Update Advisory - January 2020
2020-01-14 00:00:00
CVSS2
5
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:N/AC:L/Au:N/C:P/I:N/A:N
CVSS3
5.3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
LOW
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
AI Score
5.8
Confidence
High
EPSS
0.024
Percentile
89.9%
Related for CVE-2018-15599