CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

18 matches found

IBM Security Bulletins•added 2025/12/19 8:17 p.m.•5 views

Security Bulletin: IBM Storage Ceph is vulnerable to a Rogue Session Attack and Rogue Extension Negotiation in python-asyncssh (CVE-2023-46446, CVE-2023-46445)

Summary python-asyncssh is used by IBM Storage Ceph as an asynchronous client and server implementation of the SSHv2 protocol. CVE-2023-46446, CVE-2023-46445 Vulnerability Details CVEID:CVE-2023-46446 DESCRIPTION: An issue in AsyncSSH before 2.14.1 allows attackers to control the remote end of an...

6.8CVSS6.7AI score0.00448EPSS

Exploits0Affected Software1

Packet Storm News•added 2025/09/13 12:0 a.m.•2 views

Finding SSH Strict Key Exchange Violations by State Learning

SSH is an important protocol for secure remote shell access to servers on the Internet. At USENIX 2024, B�umer et al. presented the Terrapin attack on SSH, which relies on the attacker injecting optional messages during the key exchange. To mitigate this attack, SSH vendors adopted an extension...

7.9AI score

Exploits0

Tenable Nessus•added 2025/08/30 12:0 a.m.•2 views

Linux Distros Unpatched Vulnerability : CVE-2023-46446

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An issue in AsyncSSH before 2.14.1 allows attackers to control the remote end of an SSH client session via packet injection/removal and shell emulation, aka a...

6.8CVSS6.9AI score0.00388EPSS

Exploits0References2

Tenable Nessus•added 2025/06/16 12:0 a.m.•4 views

TencentOS Server 4: python-asyncssh (TSSA-2024:1054)

The version of Tencent Linux installed on the remote TencentOS Server 4 host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the TSSA-2024:1054 advisory. Package updates are available for TencentOS Server 4 that fix the following vulnerabilities...

6.8CVSS6.9AI score0.00448EPSS

Exploits0References3

RedHat Linux•added 2025/05/07 12:48 p.m.•0 views

python-asyncssh: Rogue Session Attack

A flaw was found in python-synch before the 2.14.1 versions, where the client can log in to the attacker's account without the client being able to detect this. This flaw allows an attacker to control the remote end of the SSH session completely, resulting in a complete break of the confidentiali...

6.8CVSS5.8AI score0.00388EPSS

Exploits0References5

F5 Networks•added 2024/02/12 9:47 a.m.•45 views

K000138577: Python-asyncssh vulnerability CVE-2023-46446

Security Advisory Description An issue in AsyncSSH before 2.14.1 allows attackers to control the remote end of an SSH client session via packet injection/removal and shell emulation, aka a "Rogue Session Attack." CVE-2023-46446 Impact There is no impact; F5 products are not affected by this...

6.8CVSS7.7AI score0.00388EPSS

Exploits0

Debian CVE•added 2024/01/20 12:0 a.m.•17 views

CVE-2023-46447

Removed by vendor...

4.3CVSS5AI score0.00058EPSS

Exploits1

Veracode•added 2023/12/19 6:46 a.m.•67 views

Rogue Session Attack (Terrapin)

ssh is vulnerable to Terrapin attack. The vulnerability is due to mishandling of the handshake phase and sequence numbers in the SSH Binary Packet Protocol BPP with certain OpenSSH extensions. This allows an attacker to bypass integrity checks and omit packets during extension negotiation, and...

5.9CVSS6.5AI score0.54214EPSS

Exploits3References120Affected Software28