CVE-2021-36369
Published: 2022-10-12
Priority: P3 · 44 · high
CVSS 3.1: 7.5 (AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N)
EPSS: 1.35% (68.0th percentile)
An issue was discovered in Dropbear through 2020.81. Due to a non-RFC-compliant check of the available authentication methods in the client-side SSH code, it is possible for an SSH server to change the login process in its favor. This attack can bypass additional security measures such as FIDO2 tokens or SSH-Askpass. Thus, it allows an attacker to abuse a forwarded agent for logging on to another server unnoticed.
Affected
10 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | debian_linux | — | — |
| debian | dropbear | < dropbear 2022.82-1 (bookworm) | dropbear 2022.82-1 (bookworm) |
| dropbear_ssh_project | dropbear_ssh | <= 2020.81 | — |
| dropbear_ssh_project | dropbear_ssh | >= 0 < 2020.81-3+deb11u1 | 2020.81-3+deb11u1 |
| dropbear_ssh_project | dropbear_ssh | >= 0 < 2022.82-1 | 2022.82-1 |
| dropbear_ssh_project | dropbear_ssh | >= 0 < 2022.82-1 | 2022.82-1 |
| dropbear_ssh_project | dropbear_ssh | >= 0 < 2022.82-1 | 2022.82-1 |
| dropbear_ssh_project | dropbear_ssh | >= 0 < 2020.81-5ubuntu0.1 | 2020.81-5ubuntu0.1 |
| dropbear_ssh_project | dropbear_ssh | >= 0 < 2017.75-3ubuntu0.1~esm1 | 2017.75-3ubuntu0.1~esm1 |
| dropbear_ssh_project | dropbear_ssh | >= 0 < 2019.78-2ubuntu0.1~esm1 | 2019.78-2ubuntu0.1~esm1 |
CVSS provenance
- nvd: v3.1, 7.5 HIGH, CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
- osv: 7.5 HIGH
- vendor_debian: 7.5 HIGH
- vendor_ubuntu: 7.5 HIGH
Ubuntu
Dropbear vulnerabilities
vendor_ubuntu·2025-02-25·CVSS 7.5
CVE-2021-36369 [HIGH] Dropbear vulnerabilities
Title: Dropbear vulnerabilities
Summary: Several security issues were fixed in dropbear.
Manfred Kaiser discovered that Dropbear through 2020.81 does not properly
check the available authentication methods in the client-side SSH code.
An attacker could use this vulnerability to gain unauthorized access to
remote systems. (CVE-2021-36369)
Fabian Bäumer, Marcus Brinkmann, and Jörg Schwenk discovered that the SSH
transport protocol implementation in Dropbear had weak integrity checks.
An attacker could use this vulnerability to bypass security features
like encryption and integrity checks. (CVE-2023-48795)
Instructions: In general, a standard system update will make all the necessary changes.
CISA ICS
Siemens SCALANCE XCM-/XRM-300
cisa_ics·2024-02-15
Siemens SCALANCE XCM-/XRM-300
ICS Advisory
## Siemens SCALANCE XCM-/XRM-300
Release Date: February 15, 2024
Alert Code: ICSA-24-046-11
As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens' ProductCERT Security Advisories (CERT Services | Services | Siemens Global).
## 1. EXECUTIVE SUMMARY
- CVSS v3 9.8
- ATTENTION: Exploitable remotely/low attack complexity
- Vendor: Siemens
- Equipment: SCALANCE XCM-/XRM-300
- Vulnerabilities: Out-of-bounds Write, Incorrect Type Conversion or Cast, Improper Verification of Cryptographic Signature, Improper Access Control, Improper Authentication, Missing Encryption
Debian
CVE-2021-36369: dropbear - An issue was discovered in Dropbear through 2020.81. Due to a non-RFC-compliant ...
vendor_debian·2021·CVSS 7.5
CVE-2021-36369 [HIGH] CVE-2021-36369: dropbear - An issue was discovered in Dropbear through 2020.81. Due to a non-RFC-compliant ...
An issue was discovered in Dropbear through 2020.81. Due to a non-RFC-compliant check of the available authentication methods in the client-side SSH code, it is possible for an SSH server to change the login process in its favor. This attack can bypass additional security measures such as FIDO2 tokens or SSH-Askpass. Thus, it allows an attacker to abuse a forwarded agent for logging on to another server unnoticed.
Scope: local
bookworm: resolved (fixed in 2022.82-1)
bullseye: resolved (fixed in 2020.81-3+deb11u1)
forky: resolved (fixed in 2022.82-1)
sid: resolved (fixed in 2022.82-1)
trixie: resolved (fixed in 2022.82-1)
OSV
Several security issues were fixed in Dropbear
osv·2025-02-25·CVSS 7.5
CVE-2021-36369 [HIGH] Several security issues were fixed in Dropbear
Manfred Kaiser discovered that Dropbear through 2020.81 does not properly
check the available authentication methods in the client-side SSH code.
An attacker could use this vulnerability to gain unauthorized access to
remote systems. (CVE-2021-36369)
Fabian Bäumer, Marcus Brinkmann, and Jörg Schwenk discovered that the SSH
transport protocol implementation in Dropbear had weak integrity checks.
An attacker could use this vulnerability to bypass security features
like encryption and integrity checks. (CVE-2023-48795)
GHSA
GHSA-mwx5-864v-x3jc: An issue was discovered in Dropbear through 2020
ghsa_unreviewed·2022-10-13
CVE-2021-36369 [HIGH] CWE-287 GHSA-mwx5-864v-x3jc: An issue was discovered in Dropbear through 2020
An issue was discovered in Dropbear through 2020.81. Due to a non-RFC-compliant check of the available authentication methods in the client-side SSH code, it is possible for an SSH server to change the login process in its favor. This attack can bypass additional security measures such as FIDO2 tokens or SSH-Askpass. Thus, it allows an attacker to abuse a forwarded agent for logging on to another server unnoticed.
OSV
CVE-2021-36369: An issue was discovered in Dropbear through 2020
osv·2022-10-12·CVSS 7.5
CVE-2021-36369 [HIGH] CVE-2021-36369: An issue was discovered in Dropbear through 2020
An issue was discovered in Dropbear through 2020.81. Due to a non-RFC-compliant check of the available authentication methods in the client-side SSH code, it is possible for an SSH server to change the login process in its favor. This attack can bypass additional security measures such as FIDO2 tokens or SSH-Askpass. Thus, it allows an attacker to abuse a forwarded agent for logging on to another server unnoticed.
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
References:
- https://github.com/mkj/dropbear/pull/128
- https://github.com/mkj/dropbear/releases
- https://github.com/mkj/dropbear/releases/tag/DROPBEAR_2022.82
- https://lists.debian.org/debian-lts-announce/2022/11/msg00015.html
Published: 2022-10-12