6.8 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:P/I:P/A:P
0.035 Low
EPSS
Percentile
91.6%
DenyHosts 2.6 processes OpenSSH sshd “not listed in AllowUsers” log
messages with an incorrect regular expression that does not match an IP
address, which might allow remote attackers to avoid detection and blocking
when making invalid login attempts with a username not present in
AllowUsers, as demonstrated by the root username, a different vulnerability
than CVE-2007-4323.