CVE-2021-36369

2022-10-1221:15:09

CWE-287

[email protected]

web.nvd.nist.gov

dropbear 2020.81

ssh server

fido2 tokens

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

EPSS

0.001

Percentile

40.1%

JSON

An issue was discovered in Dropbear through 2020.81. Due to a non-RFC-compliant check of the available authentication methods in the client-side SSH code, it is possible for an SSH server to change the login process in its favor. This attack can bypass additional security measures such as FIDO2 tokens or SSH-Askpass. Thus, it allows an attacker to abuse a forwarded agent for logging on to another server unnoticed.

Affected configurations

Nvd

Node

dropbear_ssh_projectdropbear_sshRange≤2020.81

Node

debiandebian_linuxMatch10.0

VendorProductVersionCPE
dropbear_ssh_projectdropbear_ssh*cpe:2.3:a:dropbear_ssh_project:dropbear_ssh:*:*:*:*:*:*:*:*
debiandebian_linux10.0cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
dropbear_ssh_project	dropbear_ssh	*	cpe:2.3:a:dropbear_ssh_project:dropbear_ssh::::::::
debian	debian_linux	10.0	cpe:2.3:o:debian:debian_linux:10.0:::::::*