Lucene search
RedhatCVE-2013-4436HistoryNov 05, 2013 - 6:55 p.m.
CVE-2013-4436
2013-11-0518:55:04
CWE-20
redhat
web.nvd.nist.gov
26
cve-2013-4436
salt
saltstack
ssh
host key
validation
remote attackers
mitm
nvd
CVSS2
9.3
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:M/Au:N/C:C/I:C/A:C
AI Score
6.9
Confidence
Low
EPSS
0.002
Percentile
61.6%
The default configuration for salt-ssh in Salt (aka SaltStack) 0.17.0 does not validate the SSH host key of requests, which allows remote attackers to have unspecified impact via a man-in-the-middle (MITM) attack.
Affected configurations
Node
saltstacksaltMatch0.17.0
Related
github
github
SaltStack MITM SSH attack in salt-ssh
2022-05-17 04:58:29
veracode
veracode
Man-in-the-Middle (MITM)
2024-05-06 04:53:53
debiancve
debiancve
CVE-2013-4436
2022-10-03 16:14:57
prion
prion
Default configuration
2013-11-05 18:55:00
cvelist
cvelist
CVE-2013-4436
2013-11-05 18:00:00
nvd
nvd
CVE-2013-4436
2013-11-05 18:55:04
osv
osv
PYSEC-2013-26
2013-11-05 18:55:00
ubuntucve
ubuntucve
CVE-2013-4436
2013-11-05 00:00:00
fedora
fedora
[SECURITY] Fedora 20 Update: salt-0.17.1-1.fc20
2013-11-10 06:31:10
nessus
nessus
Fedora 20 : salt-0.17.1-1.fc20 (2013-19438)
2013-11-11 00:00:00
CVSS2
9.3
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:M/Au:N/C:C/I:C/A:C
AI Score
6.9
Confidence
Low
EPSS
0.002
Percentile
61.6%
Related for CVE-2013-4436