Mend.io Vulnerability Database

What is a CVE vulnerability ID? icon What is a WS vulnerability ID? icon What is an MSC vulnerability ID? icon
New vulnerability? Tell us about it!
icon

We found results for “

CVE-2023-46446

Good to know:

icon
icon

Date: November 13, 2023

An issue in AsyncSSH before 2.14.1 allows attackers to control the remote end of an SSH client session via packet injection/removal and shell emulation, aka a "Rogue Session Attack."

Language: Python

Severity Score

Related Resources (14)

https://www.terrapin-attack.com
https://security.netapp.com/advisory/ntap-20231222-0001
https://github.com/ronf/asyncssh/security/advisories/GHSA-c35q-ffpf-5qpm
https://security.netapp.com/advisory/ntap-20231222-0001/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ME34ROZWMDK5KLMZKTSA422XVJZ7IMTE
https://nvd.nist.gov/vuln/detail/CVE-2023-46446
https://github.com/ronf/asyncssh/commit/83e43f5ea3470a8617fc388c72b062c7136efd7e
https://github.com/ronf/asyncssh
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ME34ROZWMDK5KLMZKTSA422XVJZ7IMTE/
http://packetstormsecurity.com/files/176280/Terrapin-SSH-Connection-Weakening.html
https://github.com/advisories/GHSA-c35q-ffpf-5qpm
https://github.com/ronf/asyncssh/blob/develop/docs/changes.rst
https://github.com/pypa/advisory-database/tree/main/vulns/asyncssh/PYSEC-2023-239.yaml
https://www.mend.io/vulnerability-database/CVE-2023-46446

Severity Score

Weakness Type (CWE)

Insufficient Verification of Data Authenticity

CWE-345

Exposure of Private Personal Information to an Unauthorized Actor

CWE-359

Acceptance of Extraneous Untrusted Data With Trusted Data

CWE-349

Improper Validation of Integrity Check Value

CWE-354

Authorization Bypass Through User-Controlled Key

CWE-639

Top Fix

icon

Upgrade Version

Upgrade to version asyncssh - 2.14.1

Learn More

CVSS v3.1

Base Score:
Attack Vector (AV): NETWORK
Attack Complexity (AC): HIGH
Privileges Required (PR): LOW
User Interaction (UI): NONE
Scope (S): UNCHANGED
Confidentiality (C): HIGH
Integrity (I): HIGH
Availability (A): NONE

Do you need more information?

Contact Us