Описание
An issue in AsyncSSH before 2.14.1 allows attackers to control the remote end of an SSH client session via packet injection/removal and shell emulation, aka a "Rogue Session Attack."
A flaw was found in python-synch before the 2.14.1 versions, where the client can log in to the attacker's account without the client being able to detect this. This flaw allows an attacker to control the remote end of the SSH session completely, resulting in a complete break of the confidentiality and integrity of the secure channel, which could cause more issues depending on the application logic implemented by the AsyncSSH server.
Затронутые пакеты
| Платформа | Пакет | Состояние | Рекомендация | Релиз |
|---|---|---|---|---|
| Red Hat Ceph Storage 6 | python-asyncssh | Affected | ||
| Red Hat Ceph Storage 7.1 | ceph | Fixed | RHSA-2025:4664 | 07.05.2025 |
| Red Hat Ceph Storage 7.1 | oath-toolkit | Fixed | RHSA-2025:4664 | 07.05.2025 |
Показывать по
Дополнительная информация
Статус:
EPSS
6.8 Medium
CVSS3
Связанные уязвимости
An issue in AsyncSSH before 2.14.1 allows attackers to control the remote end of an SSH client session via packet injection/removal and shell emulation, aka a "Rogue Session Attack."
An issue in AsyncSSH before 2.14.1 allows attackers to control the remote end of an SSH client session via packet injection/removal and shell emulation, aka a "Rogue Session Attack."
An issue in AsyncSSH before 2.14.1 allows attackers to control the rem ...
Уязвимость пакета клиентской и серверной реализации протокола SSHv2 asyncssh интерпретатора языка программирования Python, позволяющая нарушителю проводить атаки типа "человек по середине"
EPSS
6.8 Medium
CVSS3