CVE-2004-1653 — Openssh vulnerability

6 documents6 sources
Severity
6.4MEDIUMNVD
EPSS
0.4%
top 40.03%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Openbsd Openssh
Timeline
PublishedAug 31
Latest updateApr 29

Description

The default configuration for OpenSSH enables AllowTcpForwarding, which could allow remote authenticated users to perform a port bounce, when configured with an anonymous access program such as AnonCVS.

CVSS vector

AV:N/AC:L/C:P/I:P/A:NExploitability: 10.0 | Impact: 4.9

Affected Packages1 packages

â–¶NVDopenbsd/openssh3.9

🔴Vulnerability Details

3
GHSA
GHSA-r52p-h476-w962: The default configuration for OpenSSH enables AllowTcpForwarding, which could allow remote authenticated users to perform a port bounce, when configur↗2022-04-29
â–¶
CVEList
CVE-2004-1653: The default configuration for OpenSSH enables AllowTcpForwarding, which could allow remote authenticated users to perform a port bounce, when configur↗2005-02-20
â–¶
VulnCheck
OpenSSH 'AllowTcpForwarding' Port Bounce Vulnerability↗2004
â–¶

📋Vendor Advisories

2
Debian
CVE-2004-1653: openssh - The default configuration for OpenSSH enables AllowTcpForwarding, which could al...↗2004
â–¶
Red Hat
CVE-2004-1653: The default configuration for OpenSSH enables AllowTcpForwarding, which could allow remote authenticated users to perform a port bounce, when configur↗
â–¶
CVE-2004-1653 — Openbsd Openssh vulnerability | cvebase