CVE-2021-36369

Ubuntu Security Notice USN-7292-1

Severity Score

7.5

*CVSS v3.1

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

*SSVC

Descriptions

An issue was discovered in Dropbear through 2020.81. Due to a non-RFC-compliant check of the available authentication methods in the client-side SSH code, it is possible for an SSH server to change the login process in its favor. This attack can bypass additional security measures such as FIDO2 tokens or SSH-Askpass. Thus, it allows an attacker to abuse a forwarded agent for logging on to another server unnoticed.

Se ha detectado un problema en Dropbear versiones hasta 2020.81. Debido a una comprobación no compatible con RFC de los métodos de autenticación disponibles en el código SSH del lado del cliente, es posible que un servidor SSH cambie el proceso de inicio de sesión a su favor. Este ataque puede omitir medidas de seguridad adicionales como los tokens FIDO2 o SSH-Askpass. Por lo tanto, permite a un atacante abusar de un agente reenviado para iniciar sesión en otro servidor de forma inadvertida

Manfred Kaiser discovered that Dropbear through 2020.81 does not properly check the available authentication methods in the client-side SSH code. An attacker could use this vulnerability to gain unauthorized access to remote systems. Fabian Bäumer, Marcus Brinkmann, and Joerg Schwenk discovered that the SSH transport protocol implementation in Dropbear had weak integrity checks. An attacker could use this vulnerability to bypass security features like encryption and integrity checks.

*Credits: N/A

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

None

Scope

Unchanged

Confidentiality

None

Integrity

High

Availability

None

Attack Vector

Network

Attack Complexity

Low

Authentication

None

Confidentiality

None

Integrity

Complete

Availability

None

* Common Vulnerability Scoring System

SSVC

Decision:-

Exploitation

Automatable

Tech. Impact

* Organization's Worst-case Scenario

Timeline

2021-07-09 CVE Reserved
2022-10-12 CVE Published
2024-08-04 CVE Updated
2025-03-30 EPSS Updated
---------- Exploited in Wild
---------- KEV Due Date
---------- First Exploit

CWE

CWE-287: Improper Authentication

CAPEC

References (4)

URL	Tag	Source
https://github.com/mkj/dropbear/pull/128	Third Party Advisory
https://github.com/mkj/dropbear/releases	Release Notes
https://github.com/mkj/dropbear/releases/tag/DROPBEAR_2022.82	Release Notes
https://lists.debian.org/debian-lts-announce/2022/11/msg00015.html	Mailing List

URL	Date	SRC

URL	Date	SRC

URL	Date	SRC

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Dropbear Ssh Project Search vendor "Dropbear Ssh Project"		Dropbear Ssh Search vendor "Dropbear Ssh Project" for product "Dropbear Ssh"				<= 2020.81 Search vendor "Dropbear Ssh Project" for product "Dropbear Ssh" and version " <= 2020.81"		-		Affected
Debian Search vendor "Debian"		Debian Linux Search vendor "Debian" for product "Debian Linux"				10.0 Search vendor "Debian" for product "Debian Linux" and version "10.0"		-		Affected