FKIE_CVE-2001-1473

Vulnerability from fkie_nvd - Published: 2001-01-18 05:00 - Updated: 2025-04-03 01:03
Severity ?
Summary
The SSH-1 protocol allows remote servers to conduct man-in-the-middle attacks and replay a client challenge response to a target server by creating a Session ID that matches the Session ID of the target, but which uses a public key pair that is weaker than the target's public key, which allows the attacker to compute the corresponding private key and use the target's Session ID with the compromised key pair to masquerade as the target.
References
cve@mitre.orghttp://www.kb.cert.org/vuls/id/684820US Government Resource
cve@mitre.orghttps://exchange.xforce.ibmcloud.com/vulnerabilities/6603
af854a3a-2127-422b-91ae-364da2661108http://www.kb.cert.org/vuls/id/684820US Government Resource
af854a3a-2127-422b-91ae-364da2661108https://exchange.xforce.ibmcloud.com/vulnerabilities/6603
Impacted products
Vendor Product Version
ssh ssh 1.2.24
ssh ssh 1.2.25
ssh ssh 1.2.26
ssh ssh 1.2.27
ssh ssh 1.2.28
ssh ssh 1.2.29
ssh ssh 1.2.30
ssh ssh 1.2.31
To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:ssh:ssh:1.2.24:*:*:*:*:*:*:*",
              "matchCriteriaId": "B0EDBA45-FDEE-4D4B-A6FF-7E953B523DAE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ssh:ssh:1.2.25:*:*:*:*:*:*:*",
              "matchCriteriaId": "7AF5BDEF-E86B-4F4D-AF6D-B27044A96B1E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ssh:ssh:1.2.26:*:*:*:*:*:*:*",
              "matchCriteriaId": "7D0FF07F-E13B-425F-9892-C50B326B2944",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ssh:ssh:1.2.27:*:*:*:*:*:*:*",
              "matchCriteriaId": "338EDA76-05D6-48C0-952E-6244A5F206F3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ssh:ssh:1.2.28:*:*:*:*:*:*:*",
              "matchCriteriaId": "F719468E-A218-4EB5-9F8D-7841E84F44C8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ssh:ssh:1.2.29:*:*:*:*:*:*:*",
              "matchCriteriaId": "1E4FCD36-0009-4A93-A190-8FDD11C672CA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ssh:ssh:1.2.30:*:*:*:*:*:*:*",
              "matchCriteriaId": "71727854-1B75-465F-AF8C-DFE6EFF46B40",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ssh:ssh:1.2.31:*:*:*:*:*:*:*",
              "matchCriteriaId": "64B76EA2-D3A6-4751-ADE6-998C2A7B44FA",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "The SSH-1 protocol allows remote servers to conduct man-in-the-middle attacks and replay a client challenge response to a target server by creating a Session ID that matches the Session ID of the target, but which uses a public key pair that is weaker than the target\u0027s public key, which allows the attacker to compute the corresponding private key and use the target\u0027s Session ID with the compromised key pair to masquerade as the target."
    }
  ],
  "id": "CVE-2001-1473",
  "lastModified": "2025-04-03T01:03:51.193",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 7.5,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 6.4,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": true,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2001-01-18T05:00:00.000",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "US Government Resource"
      ],
      "url": "http://www.kb.cert.org/vuls/id/684820"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/6603"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "US Government Resource"
      ],
      "url": "http://www.kb.cert.org/vuls/id/684820"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/6603"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-310"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.



Detection rules are retrieved from Rulezet.