CVE-2006-5484 — Tectia Client vulnerability

3 documents3 sources

Severity

5.0MEDIUMNVD

CNA4.3

EPSS

1.7%

top 17.42%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

SSH Tectia Client SSH Tectia Connector SSH Tectia Manager +1 more

Timeline

PublishedOct 24

Latest updateMay 1

Description

SSH Tectia Client/Server/Connector 5.1.0 and earlier, Manager 2.2.0 and earlier, and other products, when using an RSA key with exponent 3, removes PKCS-1 padding before generating a hash, which allows remote attackers to forge a PKCS #1 v1.5 signature that is signed by that RSA key and prevents Tectia from correctly verifying X.509 and other certificates that use PKCS #1, a similar issue to CVE-2006-4339.

CVSS vector

AV:N/AC:L/C:N/I:P/A:NExploitability: 10.0 | Impact: 2.9

Affected Packages4 packages

▶NVDssh/tectia_client5.1.0

▶NVDssh/tectia_server5.1.0

▶NVDssh/tectia_manager2.2.0

▶NVDssh/tectia_connector5.1.0

Patches

Patch: secunia.com ↗Patch: securitytracker.com ↗Patch: securitytracker.com ↗

🔴Vulnerability Details

GHSA

GHSA-f6g8-8p5j-hphv: SSH Tectia Client/Server/Connector 5↗2022-05-01

▶

CVEList

CVE-2006-5484: SSH Tectia Client/Server/Connector 5↗2006-10-24

▶