Detections
Analytics

OpenSSH < 7.9 Access Validation Error

medium Nessus Network Monitor Plugin ID 701157

Synopsis

The remote SSH server may be affected by an access validation error vulnerability.

Description

The installed version of OpenSSH is prior to 7.9 and is affected by a access validation error vulnerability in OpenSSH through 7.8 that could be used by remote attackers to detect existence of users on a target system when GSS2 is in use.

Solution

Upgrade to OpenSSH 7.x version 7.9 or later.

See Also

http://www.openssh.com/txt/release-7.9

Plugin Details

Severity: Medium

ID: 701157

Family: SSH

Published: 8/21/2019

Updated: 8/21/2019

Risk Information

VPR

Risk Factor: Low

Score: 1.4

CVSS v2

Risk Factor: Medium

Base Score: 5

Temporal Score: 3.7

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N

CVSS v3

Risk Factor: Medium

Base Score: 5.3

Temporal Score: 4.7

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Temporal Vector: CVSS:3.0/E:U/RL:U/RC:R

Vulnerability Information

CPE: cpe:/a:openbsd:openssh

Patch Publication Date: 8/28/2018

Vulnerability Publication Date: 8/28/2018

Reference Information

CVE: CVE-2018-15919

BID: 105163