Lucene search
MitreCVELIST:CVE-2021-36370HistoryAug 30, 2021 - 6:37 p.m.
CVE-2021-36370
2021-08-3018:37:23
mitre
www.cve.org
2
0.004 Low
EPSS
Percentile
73.2%
An issue was discovered in Midnight Commander through 4.8.26. When establishing an SFTP connection, the fingerprint of the server is neither checked nor displayed. As a result, a user connects to the server without the ability to verify its authenticity.
References
docs.ssh-mitm.at/CVE-2021-36370.html
github.com/MidnightCommander/mc/blob/5c1d3c55dd15356ec7d079084d904b7b0fd58d3e/src/vfs/sftpfs/connection.c#L484
github.com/MidnightCommander/mc/blob/master/src/vfs/sftpfs/connection.c
mail.gnome.org/archives/mc-devel/2021-August/msg00008.html
midnight-commander.org/
sourceforge.net/projects/mcwin32/files/
Related
ubuntucve
ubuntucve
CVE-2021-36370
2021-08-30 00:00:00
osv
osv
CVE-2021-36370
2021-08-30 19:15:08
mc vulnerability
2022-08-09 11:44:21
openvas
openvas
Ubuntu: Security Advisory (USN-5160-1)
2023-01-27 00:00:00
Mageia: Security Advisory (MGASA-2022-0086)
2022-03-07 00:00:00
debiancve
debiancve
CVE-2021-36370
2021-08-30 19:15:08
prion
prion
Code injection
2021-08-30 19:15:00
nessus
nessus
Ubuntu 16.04 ESM / 18.04 ESM / 20.04 ESM : Midnight Commander vulnerability (USN-5160-1)
2023-10-16 00:00:00
openSUSE 15 Security Update : mc (openSUSE-SU-2022:0061-1)
2022-03-02 00:00:00
Amazon Linux 2 : mc (ALAS-2023-2147)
2023-07-20 00:00:00
suse
suse
Security update for mc (moderate)
2022-03-01 00:00:00
cve
cve
CVE-2021-36370
2021-08-30 19:15:08
cbl_mariner
cbl_mariner
CVE-2021-36370 affecting package mc 4.8.21-4
2021-11-06 00:29:51
CVE-2021-36370 affecting package mc for versions less than 4.8.27-1
2022-04-09 06:51:56
nvd
nvd
CVE-2021-36370
2021-08-30 19:15:08
ubuntu
ubuntu
Midnight Commander vulnerability
2022-08-09 00:00:00
mageia
mageia
Updated mc packages fix security vulnerability
2022-03-06 13:40:17
veracode
veracode
Privilege Escalation
2021-09-05 01:45:45
amazon
amazon
Medium: mc
2023-07-17 17:40:00