Lucene search

WolfSSLCVELIST:CVE-2024-2873

HistoryMar 25, 2024 - 9:58 p.m.

CVE-2024-2873 User authentication bypass in wolfSSH server

2024-03-2521:58:52

CWE-287

wolfSSL

www.cve.org

vulnerability

wolfssh

authentication

bypass

unauthorized access

9.1 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

9 High

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

15.7%

JSON

A vulnerability was found in wolfSSH’s server-side state machine before versions 1.4.17. A malicious client could create channels without first performing user authentication, resulting in unauthorized access.

CNA Affected

[
  {
    "defaultStatus": "unaffected",
    "product": "wolfSSH",
    "repo": "https://github.com/wolfSSL/wolfssh",
    "vendor": "wolfSSL Inc.",
    "versions": [
      {
        "lessThanOrEqual": "v1.4.16",
        "status": "affected",
        "version": "0",
        "versionType": "release bundle"
      }
    ]
  }
]

References

github.com/wolfSSL/wolfssh/pull/670

github.com/wolfSSL/wolfssh/pull/671

www.wolfssl.com/docs/security-vulnerabilities/

9.1 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

9 High

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

15.7%

JSON

Related for CVELIST:CVE-2024-2873