Search for vulnerabilities
Vulnerability details: VCID-beuz-csv7-aaaq
Vulnerability ID VCID-beuz-csv7-aaaq
Aliases CVE-2008-1657
Summary OpenSSH 4.4 up to versions before 4.9 allows remote authenticated users to bypass the sshd_config ForceCommand directive by modifying the .ssh/rc session file.
Status Published
Exploitability 0.5
Weighted Severity 5.9
Risk 3.0
Affected and Fixed Packages Package Details
Weaknesses (1)
CWE-264 Permissions, Privileges, and Access Controls
System Score Found at
epss 0.00202 https://api.first.org/data/v1/epss?cve=CVE-2008-1657
epss 0.00202 https://api.first.org/data/v1/epss?cve=CVE-2008-1657
epss 0.00202 https://api.first.org/data/v1/epss?cve=CVE-2008-1657
epss 0.00202 https://api.first.org/data/v1/epss?cve=CVE-2008-1657
epss 0.00202 https://api.first.org/data/v1/epss?cve=CVE-2008-1657
epss 0.00202 https://api.first.org/data/v1/epss?cve=CVE-2008-1657
epss 0.00202 https://api.first.org/data/v1/epss?cve=CVE-2008-1657
epss 0.00202 https://api.first.org/data/v1/epss?cve=CVE-2008-1657
epss 0.00202 https://api.first.org/data/v1/epss?cve=CVE-2008-1657
epss 0.00202 https://api.first.org/data/v1/epss?cve=CVE-2008-1657
epss 0.00202 https://api.first.org/data/v1/epss?cve=CVE-2008-1657
epss 0.00202 https://api.first.org/data/v1/epss?cve=CVE-2008-1657
epss 0.00202 https://api.first.org/data/v1/epss?cve=CVE-2008-1657
epss 0.00202 https://api.first.org/data/v1/epss?cve=CVE-2008-1657
epss 0.00202 https://api.first.org/data/v1/epss?cve=CVE-2008-1657
epss 0.00202 https://api.first.org/data/v1/epss?cve=CVE-2008-1657
epss 0.00202 https://api.first.org/data/v1/epss?cve=CVE-2008-1657
epss 0.00202 https://api.first.org/data/v1/epss?cve=CVE-2008-1657
epss 0.00202 https://api.first.org/data/v1/epss?cve=CVE-2008-1657
epss 0.00202 https://api.first.org/data/v1/epss?cve=CVE-2008-1657
epss 0.00202 https://api.first.org/data/v1/epss?cve=CVE-2008-1657
epss 0.00202 https://api.first.org/data/v1/epss?cve=CVE-2008-1657
epss 0.00202 https://api.first.org/data/v1/epss?cve=CVE-2008-1657
epss 0.00202 https://api.first.org/data/v1/epss?cve=CVE-2008-1657
epss 0.00202 https://api.first.org/data/v1/epss?cve=CVE-2008-1657
epss 0.00202 https://api.first.org/data/v1/epss?cve=CVE-2008-1657
epss 0.00202 https://api.first.org/data/v1/epss?cve=CVE-2008-1657
epss 0.00202 https://api.first.org/data/v1/epss?cve=CVE-2008-1657
epss 0.00202 https://api.first.org/data/v1/epss?cve=CVE-2008-1657
epss 0.00202 https://api.first.org/data/v1/epss?cve=CVE-2008-1657
epss 0.00202 https://api.first.org/data/v1/epss?cve=CVE-2008-1657
epss 0.00202 https://api.first.org/data/v1/epss?cve=CVE-2008-1657
epss 0.00202 https://api.first.org/data/v1/epss?cve=CVE-2008-1657
epss 0.00202 https://api.first.org/data/v1/epss?cve=CVE-2008-1657
epss 0.00202 https://api.first.org/data/v1/epss?cve=CVE-2008-1657
epss 0.00202 https://api.first.org/data/v1/epss?cve=CVE-2008-1657
epss 0.00202 https://api.first.org/data/v1/epss?cve=CVE-2008-1657
epss 0.00202 https://api.first.org/data/v1/epss?cve=CVE-2008-1657
epss 0.00202 https://api.first.org/data/v1/epss?cve=CVE-2008-1657
epss 0.00202 https://api.first.org/data/v1/epss?cve=CVE-2008-1657
epss 0.00202 https://api.first.org/data/v1/epss?cve=CVE-2008-1657
epss 0.00202 https://api.first.org/data/v1/epss?cve=CVE-2008-1657
epss 0.00202 https://api.first.org/data/v1/epss?cve=CVE-2008-1657
epss 0.00202 https://api.first.org/data/v1/epss?cve=CVE-2008-1657
epss 0.00202 https://api.first.org/data/v1/epss?cve=CVE-2008-1657
epss 0.00202 https://api.first.org/data/v1/epss?cve=CVE-2008-1657
epss 0.00202 https://api.first.org/data/v1/epss?cve=CVE-2008-1657
epss 0.00202 https://api.first.org/data/v1/epss?cve=CVE-2008-1657
epss 0.00202 https://api.first.org/data/v1/epss?cve=CVE-2008-1657
epss 0.00202 https://api.first.org/data/v1/epss?cve=CVE-2008-1657
epss 0.00202 https://api.first.org/data/v1/epss?cve=CVE-2008-1657
epss 0.00202 https://api.first.org/data/v1/epss?cve=CVE-2008-1657
epss 0.00202 https://api.first.org/data/v1/epss?cve=CVE-2008-1657
epss 0.00202 https://api.first.org/data/v1/epss?cve=CVE-2008-1657
epss 0.00202 https://api.first.org/data/v1/epss?cve=CVE-2008-1657
epss 0.00202 https://api.first.org/data/v1/epss?cve=CVE-2008-1657
epss 0.00202 https://api.first.org/data/v1/epss?cve=CVE-2008-1657
epss 0.00202 https://api.first.org/data/v1/epss?cve=CVE-2008-1657
epss 0.00202 https://api.first.org/data/v1/epss?cve=CVE-2008-1657
epss 0.00202 https://api.first.org/data/v1/epss?cve=CVE-2008-1657
epss 0.00202 https://api.first.org/data/v1/epss?cve=CVE-2008-1657
epss 0.00202 https://api.first.org/data/v1/epss?cve=CVE-2008-1657
epss 0.00202 https://api.first.org/data/v1/epss?cve=CVE-2008-1657
epss 0.00202 https://api.first.org/data/v1/epss?cve=CVE-2008-1657
epss 0.00202 https://api.first.org/data/v1/epss?cve=CVE-2008-1657
epss 0.00202 https://api.first.org/data/v1/epss?cve=CVE-2008-1657
epss 0.00202 https://api.first.org/data/v1/epss?cve=CVE-2008-1657
epss 0.00202 https://api.first.org/data/v1/epss?cve=CVE-2008-1657
epss 0.00202 https://api.first.org/data/v1/epss?cve=CVE-2008-1657
epss 0.00481 https://api.first.org/data/v1/epss?cve=CVE-2008-1657
epss 0.00481 https://api.first.org/data/v1/epss?cve=CVE-2008-1657
epss 0.00481 https://api.first.org/data/v1/epss?cve=CVE-2008-1657
epss 0.00481 https://api.first.org/data/v1/epss?cve=CVE-2008-1657
epss 0.00481 https://api.first.org/data/v1/epss?cve=CVE-2008-1657
epss 0.00481 https://api.first.org/data/v1/epss?cve=CVE-2008-1657
epss 0.00481 https://api.first.org/data/v1/epss?cve=CVE-2008-1657
epss 0.00481 https://api.first.org/data/v1/epss?cve=CVE-2008-1657
epss 0.00481 https://api.first.org/data/v1/epss?cve=CVE-2008-1657
epss 0.00481 https://api.first.org/data/v1/epss?cve=CVE-2008-1657
epss 0.00481 https://api.first.org/data/v1/epss?cve=CVE-2008-1657
epss 0.00481 https://api.first.org/data/v1/epss?cve=CVE-2008-1657
epss 0.00829 https://api.first.org/data/v1/epss?cve=CVE-2008-1657
epss 0.03936 https://api.first.org/data/v1/epss?cve=CVE-2008-1657
epss 0.04403 https://api.first.org/data/v1/epss?cve=CVE-2008-1657
epss 0.04403 https://api.first.org/data/v1/epss?cve=CVE-2008-1657
epss 0.04403 https://api.first.org/data/v1/epss?cve=CVE-2008-1657
rhbs low https://bugzilla.redhat.com/show_bug.cgi?id=440268
cvssv2 6.5 https://nvd.nist.gov/vuln/detail/CVE-2008-1657
Reference id Reference type URL
ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2008-005.txt.asc
http://aix.software.ibm.com/aix/efixes/security/ssh_advisory.asc
http://lists.apple.com/archives/security-announce//2008/Sep/msg00005.html
http://lists.opensuse.org/opensuse-security-announce/2008-04/msg00007.html
https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2008-1657.json
https://api.first.org/data/v1/epss?cve=CVE-2008-1657
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1657
http://secunia.com/advisories/29602
http://secunia.com/advisories/29609
http://secunia.com/advisories/29683
http://secunia.com/advisories/29693
http://secunia.com/advisories/29735
http://secunia.com/advisories/29939
http://secunia.com/advisories/30361
http://secunia.com/advisories/31531
http://secunia.com/advisories/31882
http://secunia.com/advisories/32080
http://secunia.com/advisories/32110
https://exchange.xforce.ibmcloud.com/vulnerabilities/41549
https://issues.rpath.com/browse/RPL-2419
http://support.attachmate.com/techdocs/2374.html
http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0139
http://www.gentoo.org/security/en/glsa/glsa-200804-03.xml
http://www.mandriva.com/security/advisories?name=MDVSA-2008:098
http://www.openbsd.org/errata43.html#001_openssh
http://www.openssh.com/txt/release-4.9
http://www.securityfocus.com/archive/1/490488/100/0/threaded
http://www.securityfocus.com/bid/28531
http://www.securitytracker.com/id?1019733
http://www.ubuntu.com/usn/usn-649-1
http://www.us-cert.gov/cas/techalerts/TA08-260A.html
http://www.vupen.com/english/advisories/2008/1035/references
http://www.vupen.com/english/advisories/2008/1624/references
http://www.vupen.com/english/advisories/2008/2396
http://www.vupen.com/english/advisories/2008/2584
440268 https://bugzilla.redhat.com/show_bug.cgi?id=440268
475156 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=475156
cpe:2.3:a:openbsd:openssh:4.4:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openbsd:openssh:4.4:*:*:*:*:*:*:*
cpe:2.3:a:openbsd:openssh:4.4p1:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openbsd:openssh:4.4p1:*:*:*:*:*:*:*
cpe:2.3:a:openbsd:openssh:4.5:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openbsd:openssh:4.5:*:*:*:*:*:*:*
cpe:2.3:a:openbsd:openssh:4.6:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openbsd:openssh:4.6:*:*:*:*:*:*:*
cpe:2.3:a:openbsd:openssh:4.7:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openbsd:openssh:4.7:*:*:*:*:*:*:*
cpe:2.3:a:openbsd:openssh:4.8:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openbsd:openssh:4.8:*:*:*:*:*:*:*
CVE-2008-1657 https://nvd.nist.gov/vuln/detail/CVE-2008-1657
GLSA-200804-03 https://security.gentoo.org/glsa/200804-03
USN-649-1 https://usn.ubuntu.com/649-1/
No exploits are available.
Vector: AV:N/AC:L/Au:S/C:P/I:P/A:P Found at https://nvd.nist.gov/vuln/detail/CVE-2008-1657
Exploitability (E) Access Vector (AV) Access Complexity (AC) Authentication (Au) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

high

functional

unproven

proof_of_concept

not_defined

local

adjacent_network

network

high

medium

low

multiple

single

none

none

partial

complete

none

partial

complete

none

partial

complete
Exploit Prediction Scoring System (EPSS)
Percentile 0.39514
EPSS Score 0.00202
Published At March 28, 2025, 12:55 p.m.
Date Actor Action Source VulnerableCode Version
There are no relevant records.