Search for vulnerabilities
Vulnerability details: VCID-1fdh-sg9m-aaab
Vulnerability ID VCID-1fdh-sg9m-aaab
Aliases CVE-2023-46446
GHSA-c35q-ffpf-5qpm
PYSEC-0000-CVE-2023-46446
PYSEC-2023-239
Summary AsyncSSH Rogue Session Attack
Status Published
Exploitability 0.5
Weighted Severity 8.0
Risk 4.0
Affected and Fixed Packages Package Details
Weaknesses (7)
CWE-639 Authorization Bypass Through User-Controlled Key
CWE-345 Insufficient Verification of Data Authenticity
CWE-349 Acceptance of Extraneous Untrusted Data With Trusted Data
CWE-354 Improper Validation of Integrity Check Value
CWE-359 Exposure of Private Personal Information to an Unauthorized Actor
CWE-1035 OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities
CWE-937 OWASP Top Ten 2013 Category A9 - Using Components with Known Vulnerabilities
System Score Found at
cvssv3.1 5.9 http://packetstormsecurity.com/files/176280/Terrapin-SSH-Connection-Weakening.html
generic_textual MODERATE http://packetstormsecurity.com/files/176280/Terrapin-SSH-Connection-Weakening.html
cvssv3 6.8 https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-46446.json
epss 0.00097 https://api.first.org/data/v1/epss?cve=CVE-2023-46446
epss 0.00097 https://api.first.org/data/v1/epss?cve=CVE-2023-46446
epss 0.00172 https://api.first.org/data/v1/epss?cve=CVE-2023-46446
epss 0.00172 https://api.first.org/data/v1/epss?cve=CVE-2023-46446
epss 0.00172 https://api.first.org/data/v1/epss?cve=CVE-2023-46446
epss 0.00172 https://api.first.org/data/v1/epss?cve=CVE-2023-46446
epss 0.00172 https://api.first.org/data/v1/epss?cve=CVE-2023-46446
epss 0.00172 https://api.first.org/data/v1/epss?cve=CVE-2023-46446
epss 0.00172 https://api.first.org/data/v1/epss?cve=CVE-2023-46446
epss 0.00172 https://api.first.org/data/v1/epss?cve=CVE-2023-46446
epss 0.00172 https://api.first.org/data/v1/epss?cve=CVE-2023-46446
epss 0.00172 https://api.first.org/data/v1/epss?cve=CVE-2023-46446
epss 0.00238 https://api.first.org/data/v1/epss?cve=CVE-2023-46446
epss 0.00238 https://api.first.org/data/v1/epss?cve=CVE-2023-46446
epss 0.00238 https://api.first.org/data/v1/epss?cve=CVE-2023-46446
epss 0.00238 https://api.first.org/data/v1/epss?cve=CVE-2023-46446
epss 0.00332 https://api.first.org/data/v1/epss?cve=CVE-2023-46446
epss 0.00332 https://api.first.org/data/v1/epss?cve=CVE-2023-46446
epss 0.00332 https://api.first.org/data/v1/epss?cve=CVE-2023-46446
epss 0.00332 https://api.first.org/data/v1/epss?cve=CVE-2023-46446
epss 0.00332 https://api.first.org/data/v1/epss?cve=CVE-2023-46446
epss 0.00332 https://api.first.org/data/v1/epss?cve=CVE-2023-46446
epss 0.00332 https://api.first.org/data/v1/epss?cve=CVE-2023-46446
epss 0.00332 https://api.first.org/data/v1/epss?cve=CVE-2023-46446
epss 0.00332 https://api.first.org/data/v1/epss?cve=CVE-2023-46446
epss 0.00332 https://api.first.org/data/v1/epss?cve=CVE-2023-46446
epss 0.00332 https://api.first.org/data/v1/epss?cve=CVE-2023-46446
epss 0.00332 https://api.first.org/data/v1/epss?cve=CVE-2023-46446
epss 0.00332 https://api.first.org/data/v1/epss?cve=CVE-2023-46446
epss 0.00341 https://api.first.org/data/v1/epss?cve=CVE-2023-46446
epss 0.00341 https://api.first.org/data/v1/epss?cve=CVE-2023-46446
epss 0.00341 https://api.first.org/data/v1/epss?cve=CVE-2023-46446
epss 0.00341 https://api.first.org/data/v1/epss?cve=CVE-2023-46446
epss 0.00341 https://api.first.org/data/v1/epss?cve=CVE-2023-46446
epss 0.0035 https://api.first.org/data/v1/epss?cve=CVE-2023-46446
epss 0.00397 https://api.first.org/data/v1/epss?cve=CVE-2023-46446
epss 0.00397 https://api.first.org/data/v1/epss?cve=CVE-2023-46446
epss 0.00397 https://api.first.org/data/v1/epss?cve=CVE-2023-46446
epss 0.00397 https://api.first.org/data/v1/epss?cve=CVE-2023-46446
epss 0.00397 https://api.first.org/data/v1/epss?cve=CVE-2023-46446
epss 0.00397 https://api.first.org/data/v1/epss?cve=CVE-2023-46446
epss 0.00397 https://api.first.org/data/v1/epss?cve=CVE-2023-46446
epss 0.00397 https://api.first.org/data/v1/epss?cve=CVE-2023-46446
epss 0.00397 https://api.first.org/data/v1/epss?cve=CVE-2023-46446
epss 0.00397 https://api.first.org/data/v1/epss?cve=CVE-2023-46446
epss 0.00397 https://api.first.org/data/v1/epss?cve=CVE-2023-46446
epss 0.00397 https://api.first.org/data/v1/epss?cve=CVE-2023-46446
epss 0.00397 https://api.first.org/data/v1/epss?cve=CVE-2023-46446
epss 0.00397 https://api.first.org/data/v1/epss?cve=CVE-2023-46446
epss 0.00397 https://api.first.org/data/v1/epss?cve=CVE-2023-46446
epss 0.00397 https://api.first.org/data/v1/epss?cve=CVE-2023-46446
epss 0.00397 https://api.first.org/data/v1/epss?cve=CVE-2023-46446
epss 0.00397 https://api.first.org/data/v1/epss?cve=CVE-2023-46446
epss 0.00397 https://api.first.org/data/v1/epss?cve=CVE-2023-46446
epss 0.00397 https://api.first.org/data/v1/epss?cve=CVE-2023-46446
epss 0.00397 https://api.first.org/data/v1/epss?cve=CVE-2023-46446
epss 0.00397 https://api.first.org/data/v1/epss?cve=CVE-2023-46446
epss 0.00397 https://api.first.org/data/v1/epss?cve=CVE-2023-46446
epss 0.00397 https://api.first.org/data/v1/epss?cve=CVE-2023-46446
epss 0.00397 https://api.first.org/data/v1/epss?cve=CVE-2023-46446
epss 0.00397 https://api.first.org/data/v1/epss?cve=CVE-2023-46446
epss 0.00397 https://api.first.org/data/v1/epss?cve=CVE-2023-46446
epss 0.00397 https://api.first.org/data/v1/epss?cve=CVE-2023-46446
epss 0.00397 https://api.first.org/data/v1/epss?cve=CVE-2023-46446
epss 0.00397 https://api.first.org/data/v1/epss?cve=CVE-2023-46446
epss 0.00397 https://api.first.org/data/v1/epss?cve=CVE-2023-46446
epss 0.00397 https://api.first.org/data/v1/epss?cve=CVE-2023-46446
epss 0.00397 https://api.first.org/data/v1/epss?cve=CVE-2023-46446
epss 0.00397 https://api.first.org/data/v1/epss?cve=CVE-2023-46446
epss 0.00397 https://api.first.org/data/v1/epss?cve=CVE-2023-46446
epss 0.00397 https://api.first.org/data/v1/epss?cve=CVE-2023-46446
epss 0.00397 https://api.first.org/data/v1/epss?cve=CVE-2023-46446
epss 0.00408 https://api.first.org/data/v1/epss?cve=CVE-2023-46446
epss 0.00408 https://api.first.org/data/v1/epss?cve=CVE-2023-46446
epss 0.00408 https://api.first.org/data/v1/epss?cve=CVE-2023-46446
epss 0.00408 https://api.first.org/data/v1/epss?cve=CVE-2023-46446
epss 0.00408 https://api.first.org/data/v1/epss?cve=CVE-2023-46446
epss 0.00408 https://api.first.org/data/v1/epss?cve=CVE-2023-46446
epss 0.00408 https://api.first.org/data/v1/epss?cve=CVE-2023-46446
epss 0.00408 https://api.first.org/data/v1/epss?cve=CVE-2023-46446
epss 0.00408 https://api.first.org/data/v1/epss?cve=CVE-2023-46446
epss 0.00408 https://api.first.org/data/v1/epss?cve=CVE-2023-46446
epss 0.00408 https://api.first.org/data/v1/epss?cve=CVE-2023-46446
epss 0.01067 https://api.first.org/data/v1/epss?cve=CVE-2023-46446
cvssv3.1_qr HIGH https://github.com/advisories/GHSA-c35q-ffpf-5qpm
cvssv3.1 8.1 https://github.com/pypa/advisory-database/tree/main/vulns/asyncssh/PYSEC-2023-239.yaml
generic_textual HIGH https://github.com/pypa/advisory-database/tree/main/vulns/asyncssh/PYSEC-2023-239.yaml
cvssv3.1 8.1 https://github.com/ronf/asyncssh
generic_textual HIGH https://github.com/ronf/asyncssh
cvssv3.1 5.9 https://github.com/ronf/asyncssh/blob/develop/docs/changes.rst
generic_textual MODERATE https://github.com/ronf/asyncssh/blob/develop/docs/changes.rst
cvssv3.1 8.1 https://github.com/ronf/asyncssh/commit/83e43f5ea3470a8617fc388c72b062c7136efd7e
generic_textual HIGH https://github.com/ronf/asyncssh/commit/83e43f5ea3470a8617fc388c72b062c7136efd7e
cvssv3.1_qr HIGH https://github.com/ronf/asyncssh/security/advisories/GHSA-c35q-ffpf-5qpm
cvssv3.1 8.1 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ME34ROZWMDK5KLMZKTSA422XVJZ7IMTE
generic_textual HIGH https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ME34ROZWMDK5KLMZKTSA422XVJZ7IMTE
cvssv3 6.8 https://nvd.nist.gov/vuln/detail/CVE-2023-46446
cvssv3.1 6.8 https://nvd.nist.gov/vuln/detail/CVE-2023-46446
cvssv3.1 8.1 https://security.netapp.com/advisory/ntap-20231222-0001
generic_textual HIGH https://security.netapp.com/advisory/ntap-20231222-0001
cvssv3.1 5.9 https://www.terrapin-attack.com
generic_textual MODERATE https://www.terrapin-attack.com
Reference id Reference type URL
http://packetstormsecurity.com/files/176280/Terrapin-SSH-Connection-Weakening.html
https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-46446.json
https://api.first.org/data/v1/epss?cve=CVE-2023-46446
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-46446
https://github.com/pypa/advisory-database/tree/main/vulns/asyncssh/PYSEC-2023-239.yaml
https://github.com/ronf/asyncssh
https://github.com/ronf/asyncssh/blob/develop/docs/changes.rst
https://github.com/ronf/asyncssh/commit/83e43f5ea3470a8617fc388c72b062c7136efd7e
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ME34ROZWMDK5KLMZKTSA422XVJZ7IMTE
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ME34ROZWMDK5KLMZKTSA422XVJZ7IMTE/
https://security.netapp.com/advisory/ntap-20231222-0001
https://security.netapp.com/advisory/ntap-20231222-0001/
https://www.terrapin-attack.com
1055999 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1055999
2250329 https://bugzilla.redhat.com/show_bug.cgi?id=2250329
cpe:2.3:a:asyncssh_project:asyncssh:*:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:asyncssh_project:asyncssh:*:*:*:*:*:*:*:*
CVE-2023-46446 https://nvd.nist.gov/vuln/detail/CVE-2023-46446
GHSA-c35q-ffpf-5qpm https://github.com/advisories/GHSA-c35q-ffpf-5qpm
GHSA-c35q-ffpf-5qpm https://github.com/ronf/asyncssh/security/advisories/GHSA-c35q-ffpf-5qpm
RHSA-2025:4664 https://access.redhat.com/errata/RHSA-2025:4664
USN-7108-1 https://usn.ubuntu.com/7108-1/
USN-7108-2 https://usn.ubuntu.com/7108-2/
No exploits are available.
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N Found at http://packetstormsecurity.com/files/176280/Terrapin-SSH-Connection-Weakening.html
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N Found at https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-46446.json
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N Found at https://github.com/pypa/advisory-database/tree/main/vulns/asyncssh/PYSEC-2023-239.yaml
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N Found at https://github.com/ronf/asyncssh
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N Found at https://github.com/ronf/asyncssh/blob/develop/docs/changes.rst
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N Found at https://github.com/ronf/asyncssh/commit/83e43f5ea3470a8617fc388c72b062c7136efd7e
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N Found at https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ME34ROZWMDK5KLMZKTSA422XVJZ7IMTE
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N Found at https://nvd.nist.gov/vuln/detail/CVE-2023-46446
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N Found at https://nvd.nist.gov/vuln/detail/CVE-2023-46446
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N Found at https://security.netapp.com/advisory/ntap-20231222-0001
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N Found at https://www.terrapin-attack.com
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Exploit Prediction Scoring System (EPSS)
Percentile 0.41493
EPSS Score 0.00097
Published At Nov. 1, 2024, midnight
Date Actor Action Source VulnerableCode Version
There are no relevant records.