CVE-2023-46446

CWE-639 — Insecure Direct Object Reference CWE-345 CWE-349 CWE-354 CWE-359 CWE-37212 documents7 sources

Severity

6.8MEDIUM

EPSS

0.4%

top 37.99%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Asyncssh Project Asyncssh

Timeline

PublishedNov 14

Latest updateDec 12

Description

An issue in AsyncSSH before 2.14.1 allows attackers to control the remote end of an SSH client session via packet injection/removal and shell emulation, aka a "Rogue Session Attack."

CVSS vector

CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:NExploitability: 1.6 | Impact: 5.2

Affected Packages3 packages

▶PyPIasyncssh< 2.14.1

▶NVDasyncssh_project/asyncssh< 2.14.1

▶Debianpython-asyncssh< 2.5.0-0.1+deb11u1+3

🔴Vulnerability Details

OSV

python-asyncssh vulnerabilities↗2024-12-12

▶

OSV

python-asyncssh vulnerabilities↗2024-11-18

▶

OSV

CVE-2023-46446: An issue in AsyncSSH v2↗2023-11-14

▶

OSV

CVE-2023-46446: An issue in AsyncSSH before 2↗2023-11-14

▶

CVEList

CVE-2023-46446: An issue in AsyncSSH before 2↗2023-11-14

▶

📋Vendor Advisories

Ubuntu

AsyncSSH vulnerabilities↗2024-12-12

▶

Ubuntu

AsyncSSH vulnerabilities↗2024-11-18

▶

Red Hat

python-asyncssh: Rogue Session Attack↗2023-11-13

▶

Debian

CVE-2023-46446: python-asyncssh - An issue in AsyncSSH before 2.14.1 allows attackers to control the remote end of...↗2023

▶