Lucene search

[email protected]NVD:CVE-2023-46446

HistoryNov 14, 2023 - 3:15 a.m.

CVE-2023-46446

2023-11-1403:15:09

CWE-639

[email protected]

web.nvd.nist.gov

asyncssh

remote control

rogue session attack

6.8 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N

0.001 Low

EPSS

Percentile

36.8%

JSON

An issue in AsyncSSH before 2.14.1 allows attackers to control the remote end of an SSH client session via packet injection/removal and shell emulation, aka a “Rogue Session Attack.”

Affected configurations

NVD

Node

asyncssh_projectasyncsshRange<2.14.1

References

packetstormsecurity.com/files/176280/Terrapin-SSH-Connection-Weakening.html

github.com/advisories/GHSA-c35q-ffpf-5qpm

github.com/ronf/asyncssh/blob/develop/docs/changes.rst

github.com/ronf/asyncssh/security/advisories/GHSA-c35q-ffpf-5qpm

lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ME34ROZWMDK5KLMZKTSA422XVJZ7IMTE/

security.netapp.com/advisory/ntap-20231222-0001/

www.terrapin-attack.com

6.8 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N

0.001 Low

EPSS

Percentile

36.8%

JSON

Related for NVD:CVE-2023-46446

prion1 f51 cve1 osv3 ubuntucve1 veracode1 github1 cvelist1 redhatcve1 debiancve1 fedora1 nessus1 openvas1