Lucene search

[email protected]CVE-2023-46446

HistoryNov 14, 2023 - 3:15 a.m.

CVE-2023-46446

2023-11-1403:15:09

CWE-639

[email protected]

web.nvd.nist.gov

asyncssh

cve-2023-46446

ssh

security vulnerability

packet injection

shell emulation

6.8 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N

6.4 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

36.8%

JSON

An issue in AsyncSSH before 2.14.1 allows attackers to control the remote end of an SSH client session via packet injection/removal and shell emulation, aka a “Rogue Session Attack.”

Affected configurations

NVD

Node

asyncssh_projectasyncsshRange<2.14.1

CPENameOperatorVersion
asyncssh_project:asyncsshasyncssh project asyncsshlt2.14.1

CPE	Name	Operator	Version
asyncssh_project:asyncssh	asyncssh project asyncssh	lt	2.14.1

References

packetstormsecurity.com/files/176280/Terrapin-SSH-Connection-Weakening.html

github.com/advisories/GHSA-c35q-ffpf-5qpm

github.com/ronf/asyncssh/blob/develop/docs/changes.rst

github.com/ronf/asyncssh/security/advisories/GHSA-c35q-ffpf-5qpm

lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ME34ROZWMDK5KLMZKTSA422XVJZ7IMTE/

security.netapp.com/advisory/ntap-20231222-0001/

www.terrapin-attack.com

Social References

6.8 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N

6.4 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

36.8%

JSON

Related for CVE-2023-46446

prion1 f51 osv3 ubuntucve1 nvd1 veracode1 github1 cvelist1 redhatcve1 debiancve1 fedora1 nessus1 openvas1