Kaspersky LabKLA10434KLA10434 Multiple vulnerabilities in PuTTY
6.8 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:P/I:P/A:P
8.4 High
AI Score
Confidence
High
0.027 Low
EPSS
Percentile
90.6%
Multiple serious vulnerabilities have been found in PuTTY. Malicious users can exploit these vulnerabilities to cause denial of service, obtain sensitive information or possibly execute arbitrary code. Below is a complete list of vulnerabilities
- An integer overflow can be exploited remotely via a specially designed RSA key;
- Improper work with memory can be exploited locally;
- Buffer overflow and underflow can be exploited remotely via a specially designed DSA signature;
Original advisories
Related products
CVE list
CVE-2013-4852 high
CVE-2013-4207 high
CVE-2013-4208 high
CVE-2013-4206 high
Solution
Update to latest version
Impacts
- ACE
Arbitrary code execution. Exploitation of vulnerabilities with this impact can lead to executing by abuser any code or commands at vulnerable machine or process.
- OSI
Obtain sensitive information. Exploitation of vulnerabilities with this impact can lead to capturing by abuser information, critical for user or system.
- DoS
Denial of service. Exploitation of vulnerabilities with this impact can lead to loss of system availability or critical functional fault.
Affected Products
- PuTTY versions earlier than 0.62
Related
6.8 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:P/I:P/A:P
8.4 High
AI Score
Confidence
High
0.027 Low
EPSS
Percentile
90.6%