CVE-2014-8779

Опубликовано: 03 фев. 2015

Источник: nvd

CVSS2: 7.1

EPSS Низкий

Описание

Pexip Infinity before 8 uses the same SSH host keys across different customers' installations, which allows man-in-the-middle attackers to spoof Management and Conferencing Nodes by leveraging these keys.

Ссылки

http://packetstormsecurity.com/files/130174/Pexip-Infinity-Non-Unique-SSH-Host-Keys.html
http://www.pexip.com/sites/pexip/files/Pexip_Security_Bulletin_2015-01-02.pdf
Exploit
Vendor Advisory
http://www.securityfocus.com/archive/1/534576/100/0/threaded
http://www.securityfocus.com/bid/72359
http://packetstormsecurity.com/files/130174/Pexip-Infinity-Non-Unique-SSH-Host-Keys.html
http://www.pexip.com/sites/pexip/files/Pexip_Security_Bulletin_2015-01-02.pdf
Exploit
Vendor Advisory
http://www.securityfocus.com/archive/1/534576/100/0/threaded
http://www.securityfocus.com/bid/72359

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:pexip:pexip_infinity:*:*:*:*:*:*:*:*

Версия до 7.0 (включая)

EPSS

Процентиль: 51%

0.00284

Низкий

7.1 High

CVSS2

Дефекты

CWE-254

Связанные уязвимости

GHSA-jm9r-r7jq-fwxw

github

больше 3 лет назад