CVE-2005-2146 — Tectia Server vulnerability

3 documents3 sources

Severity

4.6MEDIUMNVD

EPSS

0.0%

top 87.87%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

SSH Tectia Server

Timeline

PublishedJul 5

Latest updateMay 1

Description

SSH Tectia Server 4.3.1 and earlier, and SSH Secure Shell for Windows Servers, uses insecure permissions when generating the Secure Shell host identification key, which allows local users to access the key and spoof the server.

CVSS vector

AV:L/AC:L/C:P/I:P/A:PExploitability: 3.9 | Impact: 6.4

Affected Packages1 packages

▶NVDssh/tectia_server4.3.1

Patches

Patch: secunia.com ↗Patch: www.ssh.com ↗Patch: secunia.com ↗

🔴Vulnerability Details

GHSA

GHSA-jq5x-f35w-xxr2: SSH Tectia Server 4↗2022-05-01

▶

CVEList

CVE-2005-2146: SSH Tectia Server 4↗2005-07-05

▶