Lucene search
Veracode Vulnerability DatabaseVERACODE:46744HistoryMay 06, 2024 - 4:53 a.m.
Man-in-the-Middle (MITM)
2024-05-0604:53:53
Veracode Vulnerability Database
sca.analysiscenter.veracode.com
8
man-in-the-middle
ssh host key validation
salt-ssh
exploited
attackers
CVSS2
9.3
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:M/Au:N/C:C/I:C/A:C
AI Score
6.6
Confidence
Low
EPSS
0.002
Percentile
61.6%
Salt vulnerable to Man-in-the-Middle (MITM). The vulnerability is due to the absence of SSH host key validation in the default configuration of salt-ssh, which can be exploited by attackers to carry out man-in-the-middle attacks.
Related
github
github
SaltStack MITM SSH attack in salt-ssh
2022-05-17 04:58:29
cve
cve
CVE-2013-4436
2013-11-05 18:55:04
nvd
nvd
CVE-2013-4436
2013-11-05 18:55:04
debiancve
debiancve
CVE-2013-4436
2022-10-03 16:14:57
prion
prion
Default configuration
2013-11-05 18:55:00
cvelist
cvelist
CVE-2013-4436
2013-11-05 18:00:00
osv
osv
PYSEC-2013-26
2013-11-05 18:55:00
ubuntucve
ubuntucve
CVE-2013-4436
2013-11-05 00:00:00
fedora
fedora
[SECURITY] Fedora 20 Update: salt-0.17.1-1.fc20
2013-11-10 06:31:10
nessus
nessus
Fedora 20 : salt-0.17.1-1.fc20 (2013-19438)
2013-11-11 00:00:00
CVSS2
9.3
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:M/Au:N/C:C/I:C/A:C
AI Score
6.6
Confidence
Low
EPSS
0.002
Percentile
61.6%
Related for VERACODE:46744