Public exploit available

Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2002-1715 — SSH vulnerability

5 documents5 sources

Severity

7.2HIGHNVD

EPSS

0.1%

top 71.57%

CISA KEV

Not in KEV

Exploit

PoC available

Public exploit / PoC exists

Affected products

SSH SSH Ssh2

Timeline

PublishedDec 31

Latest updateApr 30

Description

SSH 1 through 3, and possibly other versions, allows local users to bypass restricted shells such as rbash or rksh by uploading a script to a world-writeable directory, then executing that script to gain normal shell access.

CVSS vector

AV:L/AC:L/C:C/I:C/A:CExploitability: 3.9 | Impact: 10.0

Affected Packages2 packages

▶NVDssh/ssh32 versions+31

▶NVDssh/ssh220 versions+19

🔴Vulnerability Details

GHSA

GHSA-hmhx-2jp5-6pxr: SSH 1 through 3, and possibly other versions, allows local users to bypass restricted shells such as rbash or rksh by uploading a script to a world-wr↗2022-04-30

▶

CVEList

CVE-2002-1715: SSH 1 through 3, and possibly other versions, allows local users to bypass restricted shells such as rbash or rksh by uploading a script to a world-wr↗2005-06-21

▶

💥Exploits & PoCs

Exploit-DB

SSH2 3.0 - Restricted Shell Escape (Command Execution)↗2002-04-18

▶

📋Vendor Advisories

Debian

CVE-2002-1715: openssh - SSH 1 through 3, and possibly other versions, allows local users to bypass restr...↗2002

▶