7.5 High
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
0.013 Low
EPSS
Percentile
86.2%
Simon Tatham reports:
This version fixes a security hole in previous versions
of PuTTY, which can allow a malicious SFTP server to
attack your client. If you use either PSCP or PSFTP, you
should upgrade. Users of the main PuTTY program are not
affected. (However, note that the server must have passed
host key verification before this attack can be launched,
so a man-in-the-middle shouldn’t be able to attack you if
you’re careful.)