CVE-2014-2532 — Improper Neutralization of Special Elements in Openssh

CWE-264 CWE-138 — Improper Neutralization of Special Elements11 documents10 sources

Severity

4.9MEDIUMNVD

EPSS

0.2%

top 57.84%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Openbsd Openssh Oracle Communications User Data Repository Paloalto Pan-os

Timeline

PublishedMar 18

Latest updateMay 14

Description

sshd in OpenSSH before 6.6 does not properly support wildcards on AcceptEnv lines in sshd_config, which allows remote attackers to bypass intended environment restrictions by using a substring located before a wildcard character.

CVSS vector

CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:C/C:L/I:L/A:NExploitability: 1.8 | Impact: 2.7

Affected Packages4 packages

▶Debianopenbsd/openssh< 1:6.6p1-1+3

▶NVDopenbsd/openssh6.5+5

▶Palo Altopaloalto/pan-os

▶NVDoracle/communications_user_data_repository10.0.1

🔴Vulnerability Details

GHSA

GHSA-qf84-3fjj-8852: sshd in OpenSSH before 6↗2022-05-14

▶

OSV

CVE-2014-2532: sshd in OpenSSH before 6↗2014-03-18

▶

CVEList

CVE-2014-2532: sshd in OpenSSH before 6↗2014-03-18

▶

📋Vendor Advisories

Palo Alto

PAN-SA-2020-0004 Informational: Third-party or open source vulnerabilities that do not affect PAN-OS↗2020-05-13

▶

Ubuntu

OpenSSH vulnerability↗2014-03-25

▶

Red Hat

openssh: AcceptEnv environment restriction bypass flaw↗2014-03-15

▶

Debian

CVE-2014-2532: openssh - sshd in OpenSSH before 6.6 does not properly support wildcards on AcceptEnv line...↗2014

▶

Apple

CVE-2014-2532: OS X El Capitan v10.11↗

▶

💬Community

Bugzilla

CVE-2014-2532 openssh: AcceptEnv environment restriction bypass flaw↗2014-03-18

▶

Bugzilla

CVE-2014-2532 openssh: AcceptEnv environment restriction bypass flaw [fedora-all]↗2014-03-18

▶