CVE-2021-36368

ADVISORY - nist

Summary

An issue was discovered in OpenSSH before 8.9. If a client is using public-key authentication with agent forwarding but without -oLogLevel=verbose, and an attacker has silently modified the server to support the None authentication option, then the user cannot determine whether FIDO authentication is going to confirm that the user wishes to connect to that server, or that the user wishes to allow that server to connect to a different server on the user's behalf. NOTE: the vendor's position is "this is not an authentication bypass, since nothing is being bypassed.

EPSS Score⁠: 0.00573 (0.677)

Common Weakness Enumeration (CWE)

ADVISORY - nist

NIST

CREATED

4 years ago

UPDATED

11 months ago

ADVISORY IDCVE-2021-36368⁠

EXPLOITABILITY SCORE

2.2

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)

CWE-287⁠

CVSS SCORE

3.7low

Alpine

CREATED

3 months ago

UPDATED

2 months ago

ADVISORY IDCVE-2021-36368⁠

EXPLOITABILITY SCORE

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)-

RATING UNAVAILABLE FROM ADVISORY

Debian

CREATED

4 years ago

UPDATED

17 days ago

ADVISORY IDCVE-2021-36368⁠

EXPLOITABILITY SCORE

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)-

CVSS SCORE

N/Alow

Ubuntu

CREATED

4 years ago

UPDATED

3 months ago

ADVISORY IDCVE-2021-36368⁠

EXPLOITABILITY SCORE

2.2

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)-

CVSS SCORE

3.7medium

Red Hat

CREATED

4 years ago

UPDATED

7 months ago

ADVISORY IDCVE-2021-36368⁠

EXPLOITABILITY SCORE

2.2

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)

CWE-287⁠

CVSS SCORE

N/Aunspecified

CVE-2021-36368

Summary

Common Weakness Enumeration (CWE)

CWE-287⁠

CWE-287⁠

Advisories

NIST

CVSS SCORE

Alpine

Debian

CVSS SCORE

Ubuntu

CVSS SCORE

Red Hat

CVSS SCORE