CVE-2000-0217 — Openssh vulnerability

3 documents3 sources

Severity

5.1MEDIUMNVD

EPSS

0.6%

top 29.52%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Openbsd Openssh SSH SSH Ssh2

Timeline

PublishedFeb 24

Latest updateApr 30

Description

The default configuration of SSH allows X forwarding, which could allow a remote attacker to control a client's X sessions via a malicious xauth program.

CVSS vector

AV:N/AC:H/C:P/I:P/A:PExploitability: 4.9 | Impact: 6.4

Affected Packages3 packages

▶NVDssh/ssh32 versions+31

▶NVDssh/ssh213 versions+12

▶NVDopenbsd/openssh1.2

🔴Vulnerability Details

GHSA

GHSA-6hfg-9p4g-2q8c: The default configuration of SSH allows X forwarding, which could allow a remote attacker to control a client's X sessions via a malicious xauth progr↗2022-04-30

▶

CVEList

CVE-2000-0217: The default configuration of SSH allows X forwarding, which could allow a remote attacker to control a client's X sessions via a malicious xauth progr↗2000-04-10

▶