CVE-2021-36369
published 2022-10-12


Priority: P344 / high / 7.5 (CVSS 3.1)
Vector: AV:N / AC:L / PR:N / UI:N / S:U / C:N / I:H / A:N
EPSS: 1.35% (68.0th percentile)
An issue was discovered in Dropbear through 2020.81. Due to a non-RFC-compliant check of the available authentication methods in the client-side SSH code, it is possible for an SSH server to change the login process in its favor. This attack can bypass additional security measures such as FIDO2 tokens or SSH-Askpass. Thus, it allows an attacker to abuse a forwarded agent for logging on to another server unnoticed.

Affected

10 ranges

Vendor               | Product      | Version range                    | Fixed in
---------------------|--------------|----------------------------------|------------------------------
debian               | debian_linux |                                  |
debian               | dropbear     | < dropbear 2022.82-1 (bookworm)  | dropbear 2022.82-1 (bookworm)
dropbear_ssh_project | dropbear_ssh | <= 2020.81                       |
dropbear_ssh_project | dropbear_ssh | >= 0 < 2020.81-3+deb11u1         | 2020.81-3+deb11u1
dropbear_ssh_project | dropbear_ssh | >= 0 < 2022.82-1                 | 2022.82-1
dropbear_ssh_project | dropbear_ssh | >= 0 < 2022.82-1                 | 2022.82-1
dropbear_ssh_project | dropbear_ssh | >= 0 < 2022.82-1                 | 2022.82-1
dropbear_ssh_project | dropbear_ssh | >= 0 < 2020.81-5ubuntu0.1        | 2020.81-5ubuntu0.1
dropbear_ssh_project | dropbear_ssh | >= 0 < 2017.75-3ubuntu0.1~esm1   | 2017.75-3ubuntu0.1~esm1
dropbear_ssh_project | dropbear_ssh | >= 0 < 2019.78-2ubuntu0.1~esm1   | 2019.78-2ubuntu0.1~esm1

CVSS provenance

Source        | Version | Score | Severity | Vector
--------------|---------|-------|----------|----------------------------------------------
nvd           | v3.1    | 7.5   | HIGH     | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
osv           |         | 7.5   | HIGH     |
vendor_debian |         | 7.5   | HIGH     |
vendor_ubuntu |         | 7.5   | HIGH     |