Public exploit available

Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2007-2791

4 documents4 sources

Severity

10.0CRITICAL

EPSS

6.9%

top 8.59%

CISA KEV

Not in KEV

Exploit

PoC available

Public exploit / PoC exists

Affected products

HP Tru64

Timeline

PublishedMay 22

Latest updateMay 1

Description

Unspecified vulnerability in the Secure Shell (SSH) in HP Tru64 UNIX 5.1B-4 and 5.1B-3 allows remote attackers to identify valid users via unspecified vectors, probably related to timing attacks and AuthInteractiveFailureRandomTimeout.

CVSS vector

AV:N/AC:L/C:C/I:C/A:CExploitability: 10.0 | Impact: 10.0

Affected Packages1 packages

▶NVDhp/tru645.1b3, 5.1b4+1

Patches

Patch: secunia.com ↗Patch: www.securityfocus.com ↗Patch: secunia.com ↗

🔴Vulnerability Details

GHSA

GHSA-j7hr-hq3j-vpv3: Unspecified vulnerability in the Secure Shell (SSH) in HP Tru64 UNIX 5↗2022-05-01

▶

CVEList

CVE-2007-2791: Unspecified vulnerability in the Secure Shell (SSH) in HP Tru64 UNIX 5↗2007-05-22

▶

💥Exploits & PoCs

Exploit-DB

HP Tru64 - Remote Secure Shell User Enumeration↗2007-06-04

▶