VulnerableCode Vulnerability Details

Staging Environment: Content and features may be unstable or change without notice.

Search for vulnerabilities

Vulnerability details: VCID-e2cy-pzgk-9ucu

Essentials
Severities (41)
References (29)
Severity details (39)
Exploits (2)
EPSS
History (1)

Vulnerability ID	VCID-e2cy-pzgk-9ucu
Aliases	CVE-2018-15473
Summary
Status	Published
Exploitability	2.0
Weighted Severity	6.2
Risk	10.0
Affected and Fixed Packages	Package Details

Weaknesses (1)

CWE-200

Exposure of Sensitive Information to an Unauthorized Actor

System	Score	Found at
cvssv3.1	5.9	https://access.redhat.com/errata/RHSA-2019:0711
ssvc	Track	https://access.redhat.com/errata/RHSA-2019:0711
cvssv3.1	5.9	https://access.redhat.com/errata/RHSA-2019:2143
ssvc	Track	https://access.redhat.com/errata/RHSA-2019:2143
cvssv3	5.3	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-15473.json
epss	0.90356	https://api.first.org/data/v1/epss?cve=CVE-2018-15473
epss	0.90356	https://api.first.org/data/v1/epss?cve=CVE-2018-15473
cvssv3.1	5.9	https://bugs.debian.org/906236
ssvc	Track	https://bugs.debian.org/906236
cvssv3.1	5.9	https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf
ssvc	Track	https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf
cvssv3.1	5.3	https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
cvssv3.1	5.9	https://github.com/openbsd/src/commit/779974d35b4859c07bc3cb8a12c74b43b0a7d1e0
ssvc	Track	https://github.com/openbsd/src/commit/779974d35b4859c07bc3cb8a12c74b43b0a7d1e0
cvssv3.1	5.9	https://lists.debian.org/debian-lts-announce/2018/08/msg00022.html
ssvc	Track	https://lists.debian.org/debian-lts-announce/2018/08/msg00022.html
cvssv3.1	5.9	https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2018-0011
ssvc	Track	https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2018-0011
archlinux	Medium	https://security.archlinux.org/AVG-763
cvssv3.1	5.9	https://security.gentoo.org/glsa/201810-03
ssvc	Track	https://security.gentoo.org/glsa/201810-03
cvssv3.1	5.9	https://security.netapp.com/advisory/ntap-20181101-0001/
ssvc	Track	https://security.netapp.com/advisory/ntap-20181101-0001/
cvssv3.1	5.9	https://usn.ubuntu.com/3809-1/
ssvc	Track	https://usn.ubuntu.com/3809-1/
cvssv3.1	5.9	https://www.debian.org/security/2018/dsa-4280
ssvc	Track	https://www.debian.org/security/2018/dsa-4280
cvssv3.1	5.9	https://www.exploit-db.com/exploits/45210/
ssvc	Track	https://www.exploit-db.com/exploits/45210/
cvssv3.1	5.9	https://www.exploit-db.com/exploits/45233/
ssvc	Track	https://www.exploit-db.com/exploits/45233/
cvssv3.1	5.9	https://www.exploit-db.com/exploits/45939/
ssvc	Track	https://www.exploit-db.com/exploits/45939/
cvssv3.1	5.9	https://www.oracle.com/security-alerts/cpujan2020.html
ssvc	Track	https://www.oracle.com/security-alerts/cpujan2020.html
cvssv3.1	5.9	http://www.openwall.com/lists/oss-security/2018/08/15/5
ssvc	Track	http://www.openwall.com/lists/oss-security/2018/08/15/5
cvssv3.1	5.9	http://www.securityfocus.com/bid/105140
ssvc	Track	http://www.securityfocus.com/bid/105140
cvssv3.1	5.9	http://www.securitytracker.com/id/1041487
ssvc	Track	http://www.securitytracker.com/id/1041487

Reference id	Reference type	URL
		https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-15473.json
		https://api.first.org/data/v1/epss?cve=CVE-2018-15473
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-15473
		https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
1041487		http://www.securitytracker.com/id/1041487
105140		http://www.securityfocus.com/bid/105140
1619063		https://bugzilla.redhat.com/show_bug.cgi?id=1619063
201810-03		https://security.gentoo.org/glsa/201810-03
3809-1		https://usn.ubuntu.com/3809-1/
45210		https://www.exploit-db.com/exploits/45210/
45233		https://www.exploit-db.com/exploits/45233/
45939		https://www.exploit-db.com/exploits/45939/
5		http://www.openwall.com/lists/oss-security/2018/08/15/5
779974d35b4859c07bc3cb8a12c74b43b0a7d1e0		https://github.com/openbsd/src/commit/779974d35b4859c07bc3cb8a12c74b43b0a7d1e0
906236		https://bugs.debian.org/906236
906236		https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=906236
AVG-763		https://security.archlinux.org/AVG-763
cpujan2020.html		https://www.oracle.com/security-alerts/cpujan2020.html
CVE-2018-15473	Exploit	https://bugfuzz.com/stuff/ssh-check-username.py
CVE-2018-15473	Exploit	https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/linux/remote/45210.py
CVE-2018-15473	Exploit	https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/linux/remote/45233.py
CVE-2018-15473	Exploit	https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/linux/remote/45939.py
dsa-4280		https://www.debian.org/security/2018/dsa-4280
msg00022.html		https://lists.debian.org/debian-lts-announce/2018/08/msg00022.html
ntap-20181101-0001		https://security.netapp.com/advisory/ntap-20181101-0001/
RHSA-2019:0711		https://access.redhat.com/errata/RHSA-2019:0711
RHSA-2019:2143		https://access.redhat.com/errata/RHSA-2019:2143
SNWLID-2018-0011		https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2018-0011
ssa-412672.pdf		https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf

Data source	Metasploit
Description	This module uses a malformed packet or timing attack to enumerate users on an OpenSSH server. The default action sends a malformed (corrupted) SSH_MSG_USERAUTH_REQUEST packet using public key authentication (must be enabled) to enumerate users. On some versions of OpenSSH under some configurations, OpenSSH will return a "permission denied" error for an invalid user faster than for a valid user, creating an opportunity for a timing attack to enumerate users. Testing note: invalid users were logged, while valid users were not. YMMV.
Note	Stability: - crash-service-down Reliability: [] SideEffects: - ioc-in-logs - account-lockouts
Ransomware campaign use	Unknown
Source URL	https://github.com/rapid7/metasploit-framework/tree/master/modules/auxiliary/scanner/ssh/ssh_enumusers.rb

Data source	Exploit-DB
Date added	Dec. 4, 2018
Description	OpenSSH < 7.7 - User Enumeration (2)
Ransomware campaign use	Unknown
Source publication date	Dec. 4, 2018
Exploit type	remote
Platform	linux
Source update date	Dec. 4, 2018

Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N Found at https://access.redhat.com/errata/RHSA-2019:0711

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-12-17T21:22:43Z/ Found at https://access.redhat.com/errata/RHSA-2019:0711

Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N Found at https://access.redhat.com/errata/RHSA-2019:2143

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-12-17T21:22:43Z/ Found at https://access.redhat.com/errata/RHSA-2019:2143

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N Found at https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-15473.json

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N Found at https://bugs.debian.org/906236

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-12-17T21:22:43Z/ Found at https://bugs.debian.org/906236

Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N Found at https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-12-17T21:22:43Z/ Found at https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N Found at https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N Found at https://github.com/openbsd/src/commit/779974d35b4859c07bc3cb8a12c74b43b0a7d1e0

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-12-17T21:22:43Z/ Found at https://github.com/openbsd/src/commit/779974d35b4859c07bc3cb8a12c74b43b0a7d1e0

Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N Found at https://lists.debian.org/debian-lts-announce/2018/08/msg00022.html

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-12-17T21:22:43Z/ Found at https://lists.debian.org/debian-lts-announce/2018/08/msg00022.html

Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N Found at https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2018-0011

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-12-17T21:22:43Z/ Found at https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2018-0011

Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N Found at https://security.gentoo.org/glsa/201810-03

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-12-17T21:22:43Z/ Found at https://security.gentoo.org/glsa/201810-03

Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N Found at https://security.netapp.com/advisory/ntap-20181101-0001/

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-12-17T21:22:43Z/ Found at https://security.netapp.com/advisory/ntap-20181101-0001/

Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N Found at https://usn.ubuntu.com/3809-1/

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-12-17T21:22:43Z/ Found at https://usn.ubuntu.com/3809-1/

Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N Found at https://www.debian.org/security/2018/dsa-4280

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-12-17T21:22:43Z/ Found at https://www.debian.org/security/2018/dsa-4280

Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N Found at https://www.exploit-db.com/exploits/45210/

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-12-17T21:22:43Z/ Found at https://www.exploit-db.com/exploits/45210/

Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N Found at https://www.exploit-db.com/exploits/45233/

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-12-17T21:22:43Z/ Found at https://www.exploit-db.com/exploits/45233/

Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N Found at https://www.exploit-db.com/exploits/45939/

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-12-17T21:22:43Z/ Found at https://www.exploit-db.com/exploits/45939/

Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N Found at https://www.oracle.com/security-alerts/cpujan2020.html

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-12-17T21:22:43Z/ Found at https://www.oracle.com/security-alerts/cpujan2020.html

Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N Found at http://www.openwall.com/lists/oss-security/2018/08/15/5

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-12-17T21:22:43Z/ Found at http://www.openwall.com/lists/oss-security/2018/08/15/5

Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N Found at http://www.securityfocus.com/bid/105140

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-12-17T21:22:43Z/ Found at http://www.securityfocus.com/bid/105140

Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N Found at http://www.securitytracker.com/id/1041487

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-12-17T21:22:43Z/ Found at http://www.securitytracker.com/id/1041487

Exploit Prediction Scoring System (EPSS)

Percentile	0.9962
EPSS Score	0.90356
Published At	June 12, 2026, 12:55 p.m.

Date	Actor	Action	Source	VulnerableCode Version
2026-06-10T18:06:34.484574+00:00	SUSE Severity Score Importer	Import	https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml	38.6.0