CVE-2014-2653
Description
The verify_host_key function in sshconnect.c in the client in OpenSSH 6.6 and earlier allows remote servers to trigger the skipping of SSHFP DNS RR checking by presenting an unacceptable HostCertificate.
Risk Information
Base Score
7.5
MODERATE
Vector
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
EPSS Score
Exploitation Probability
3.883
Associated Vulnerability
| Vulnerability | OS Platform |
|---|---|
| secure shell (SSH) for secure access to remote machines (USN-2164-1) openssh-client_5.9p1-5ubuntu1_i386.deb | Linux |
| secure shell (SSH) for secure access to remote machines (USN-2164-1) openssh-client_5.9p1-5ubuntu1_amd64.deb | Linux |
| Improper Input Validation Vulnerability (CVE-2014-2653) | NCM |
Patch Details
No records foundReferences
https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234