CVSS: 5.9EPSS: 67%CPEs: 79EXPL: 3CVE-2023-48795 – ssh: Prefix truncation attack on Binary Packet Protocol (BPP)
https://notcve.org/view.php?id=CVE-2023-48795
18 Dec 2023 — The SSH transport protocol with certain OpenSSH extensions, found in OpenSSH before 9.6 and other products, allows remote attackers to bypass integrity checks such that some packets are omitted (from the extension negotiation message), and a client and server may consequently end up with a connection for which some security features have been downgraded or disabled, aka a Terrapin attack. This occurs because the SSH Binary Packet Protocol (BPP), implemented by these extensions, mishandles the handshake phas... • https://packetstorm.news/files/id/176280 • CWE-222: Truncation of Security-relevant Information CWE-354: Improper Validation of Integrity Check Value •
CVSS: 5.9EPSS: 0%CPEs: 1EXPL: 1CVE-2023-46445 – Terrapin SSH Connection Weakening
https://notcve.org/view.php?id=CVE-2023-46445
14 Nov 2023 — An issue in AsyncSSH before 2.14.1 allows attackers to control the extension info message (RFC 8308) via a man-in-the-middle attack, aka a "Rogue Extension Negotiation." Un problema en AsyncSSH v2.14.0 y versiones anteriores permite a los atacantes controlar el mensaje de información de la extensión (RFC 8308) mediante un ataque de intermediario. Fabian Bäumer, Marcus Brinkmann, and Joerg Schwenk discovered that AsyncSSH did not properly handle the extension info message. An attacker able to intercept comm... • https://packetstorm.news/files/id/176280 • CWE-345: Insufficient Verification of Data Authenticity •
CVSS: 6.8EPSS: 0%CPEs: 1EXPL: 1CVE-2023-46446 – Terrapin SSH Connection Weakening
https://notcve.org/view.php?id=CVE-2023-46446
14 Nov 2023 — An issue in AsyncSSH before 2.14.1 allows attackers to control the remote end of an SSH client session via packet injection/removal and shell emulation, aka a "Rogue Session Attack." Un problema en AsyncSSH v2.14.0 y versiones anteriores permite a los atacantes controlar el final remoto de una sesión de cliente SSH mediante inyección/eliminación de paquetes y emulación de shell. Fabian Bäumer, Marcus Brinkmann, and Joerg Schwenk discovered that AsyncSSH did not properly handle the extension info message. A... • https://packetstorm.news/files/id/176280 • CWE-639: Authorization Bypass Through User-Controlled Key •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0CVE-2018-7749
https://notcve.org/view.php?id=CVE-2018-7749
12 Mar 2018 — The SSH server implementation of AsyncSSH before 1.12.1 does not properly check whether authentication is completed before processing other requests. A customized SSH client can simply skip the authentication step. La implementación del servidor SSH en AsyncSSH, en versiones anteriores a la 1.12.1, no comprueba adecuadamente si la autenticación se completa antes de procesar otras peticiones. Un cliente SSH personalizado puede simplemente omitir el paso de autenticación. • https://github.com/ronf/asyncssh/commit/c161e26cdc0d41b745b63d9f17b437f073bf7ba4 • CWE-287: Improper Authentication •