CVSS3: 5.9 Medium
Attack Vector: NETWORK
Attack Complexity: HIGH
Privileges Required: NONE
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: NONE
Integrity Impact: HIGH
Availability Impact: NONE
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N
AI Score: 7.3 High (Confidence: Low)
EPSS: 0.001 Low (Percentile: 32.2%)
asyncssh is vulnerable to Rogue Extension Negotiation. The vulnerability is caused by an implementation flaw in the AsyncSSH server implementation that allows a man-in-the-middle attacker to inject an extension info message of the attacker's choosing. This makes it possible to downgrade the algorithm used for client authentication by tampering with the value of server-sig-algs (e.g. forcing the use of SHA-1 instead of SHA-2). AsyncSSH uses the server-sig-algs and global-requests-ok extensions.
packetstormsecurity.com/files/176280/Terrapin-SSH-Connection-Weakening.html
github.com/advisories/GHSA-cfc2-wr2v-gxm5
github.com/ronf/asyncssh/blob/develop/docs/changes.rst
github.com/ronf/asyncssh/commit/83e43f5ea3470a8617fc388c72b062c7136efd7e
github.com/ronf/asyncssh/security/advisories/GHSA-cfc2-wr2v-gxm5
lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ME34ROZWMDK5KLMZKTSA422XVJZ7IMTE/
security.netapp.com/advisory/ntap-20231222-0001/
www.terrapin-attack.com