CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:P/I:P/A:P
EPSS
Percentile
91.7%
DenyHosts 2.6 processes OpenSSH sshd “not listed in AllowUsers” log
messages with an incorrect regular expression that does not match an IP
address, which might allow remote attackers to avoid detection and blocking
when making invalid login attempts with a username not present in
AllowUsers, as demonstrated by the root username, a different vulnerability
than CVE-2007-4323.