Russian Vulnerability Scanner Database

Back to List

CVE-2001-1473

Scores

EPSS

0.052very_low5.2%
0%20%40%60%80%100%

Percentile: 5.2%

CVSS

7.5high2.0
0246810

CVSS Score: 7.5/10

All CVSS Scores

CVSS 2.0
7.5

Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

Description

The SSH-1 protocol allows remote servers to conduct man-in-the-middle attacks and replay a client challenge response to a target server by creating a Session ID that matches the Session ID of the target, but which uses a public key pair that is weaker than the target’s public key, which allows the attacker to compute the corresponding private key and use the target’s Session ID with the compromised key pair to masquerade as the target.

Scaner-VS 7 — a modern vulnerability management solution

Uses this database for vulnerability detection. High-speed search, cross-platform, advanced configuration audit, and flexible filtering. Suitable for organizations of any size.
Learn more about Scaner-VS 7

Sources

nvd

CWEs

CWE-310

Exploits

Exploit ID: CVE-2001-1473

Source: github-poc

URL: https://github.com/alexandermoro/cve-2001-1473

Vulnerable Software (1)

Type: Configuration

Vendor: *

Product: ssh

Operating System: * * *

Trait: 
{  "cpe_match": [    {      "cpe23uri": "cpe:2.3:a:ssh:ssh:1.2.24:*:*:*:*:*:*:*",      "vulnerable": true    },    {      "cpe23uri": "cpe:2.3:a:ssh:ssh:1.2.25:*:*:*:*:*:*:*",      "vulnerable...

Source: nvd