Veracode Vulnerability DatabaseVERACODE:45208Improper Authentication
5.5 Medium
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
7 High
AI Score
Confidence
High
1.7 Low
CVSS2
Access Vector
LOCAL
Access Complexity
LOW
Authentication
SINGLE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:L/AC:L/Au:S/C:P/I:N/A:N
0.0004 Low
EPSS
Percentile
9.2%
OpenSSH is vulnerable to Improper Authentication. The vulnerability is due to destination constraints being incompletely applied due to their limitation to the first key when a PKCS#11 token returns multiple keys, even though these constraints are specified during the addition of PKCS#11-hosted private keys.
References
seclists.org/fulldisclosure/2024/Mar/21
github.com/openssh/openssh-portable/commit/881d9c6af9da4257c69c327c4e2f1508b2fa754b
secdb.alpinelinux.org/v3.17/main.yaml
security.netapp.com/advisory/ntap-20240105-0005/
support.apple.com/kb/HT214084
www.debian.org/security/2023/dsa-5586
www.openssh.com/txt/release-9.6
www.openwall.com/lists/oss-security/2023/12/18/2
Related
5.5 Medium
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
7 High
AI Score
Confidence
High
1.7 Low
CVSS2
Access Vector
LOCAL
Access Complexity
LOW
Authentication
SINGLE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:L/AC:L/Au:S/C:P/I:N/A:N
0.0004 Low
EPSS
Percentile
9.2%