CVE-2001-0361 — Openssh vulnerability

CWE-3103 documents3 sources

Severity

4.0MEDIUMNVD

EPSS

1.3%

top 20.19%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

SSH Openbsd Openssh

Timeline

PublishedJun 27

Latest updateMay 3

Description

Implementations of SSH version 1.5, including (1) OpenSSH up to version 2.3.0, (2) AppGate, and (3) ssh-1 up to version 1.2.31, in certain configurations, allow a remote attacker to decrypt and/or alter traffic via a "Bleichenbacher attack" on PKCS#1 version 1.5.

CVSS vector

AV:N/AC:H/C:P/I:P/A:NExploitability: 4.9 | Impact: 4.9

Affected Packages2 packages

▶NVDopenbsd/openssh1.2.3, 2.1, 2.1.1+2

▶NVDssh/ssh1.2.31

Patches

Patch: www.securityfocus.com ↗Patch: www.securityfocus.com ↗

🔴Vulnerability Details

GHSA

GHSA-gf79-xhc9-6fmw: Implementations of SSH version 1↗2022-05-03

▶

CVEList

CVE-2001-0361: Implementations of SSH version 1↗2001-09-18

▶