MitreCVE-2018-15919CVE-2018-15919
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:N/AC:L/Au:N/C:P/I:N/A:N
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
LOW
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
AI Score
Confidence
High
EPSS
Percentile
65.9%
Remotely observable behaviour in auth-gss2.c in OpenSSH through 7.8 could be used by remote attackers to detect existence of users on a target system when GSS2 is in use. NOTE: the discoverer states ‘We understand that the OpenSSH developers do not want to treat such a username enumeration (or “oracle”) as a vulnerability.’
Affected configurations
| Vendor | Product | Version | CPE |
|---|---|---|---|
| openbsd | openssh | * | cpe:2.3:a:openbsd:openssh:*:*:*:*:*:*:*:* |
| netapp | cloud_backup | - | cpe:2.3:a:netapp:cloud_backup:-:*:*:*:*:*:*:* |
| netapp | data_ontap_edge | - | cpe:2.3:a:netapp:data_ontap_edge:-:*:*:*:*:*:*:* |
| netapp | ontap_select_deploy | - | cpe:2.3:a:netapp:ontap_select_deploy:-:*:*:*:*:*:*:* |
| netapp | steelstore | - | cpe:2.3:a:netapp:steelstore:-:*:*:*:*:*:*:* |
| netapp | cn1610 | - | cpe:2.3:h:netapp:cn1610:-:*:*:*:*:*:*:* |
| netapp | cn1610_firmware | - | cpe:2.3:o:netapp:cn1610_firmware:-:*:*:*:*:*:*:* |
References
Social References
More
Related
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:N/AC:L/Au:N/C:P/I:N/A:N
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
LOW
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
AI Score
Confidence
High
EPSS
Percentile
65.9%