CVE-2024-41909
Severity
5.9 MEDIUM
EPSS
0.5%
top 35.00%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
Timeline
Published: Aug 12
Latest update: Oct 15
Description
Like many other SSH implementations, Apache MINA SSHD suffered from the issue that is more widely known as CVE-2023-48795. An attacker that can intercept traffic between client and server could drop certain packets from the stream, potentially causing client and server to consequently end up with a connection for which some security features have been downgraded or disabled, aka a Terrapin attack.
The mitigations to prevent this type of attack were implemented in Apache MINA SSHD 2.12.0, both cl…
CVSS vector
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N
Exploitability: 2.2 | Impact: 3.6
Affected Packages
3 packages
Vulnerability Details: 3
Vendor Advisories: 4
Oracle
Oracle Fusion Middleware Risk Matrix: Third Party (Apache Mina SSHD) — CVE-2024-41909 (2025-10-15)
Oracle
Oracle Retail Applications Risk Matrix: Internal Operations (Apache Mina SSHD) — CVE-2024-41909 (2024-10-15)
Debian
CVE-2024-41909: libmina-sshd-java - Like many other SSH implementations, Apache MINA SSHD suffered from the issue th... (2024)