Vulnerability details: VCID-r7r1-aqna-aaak
Vulnerability ID: VCID-r7r1-aqna-aaak
Aliases: CVE-2023-46445, GHSA-cfc2-wr2v-gxm5, PYSEC-0000-CVE-2023-46445, PYSEC-2023-237
Summary: AsyncSSH Rogue Extension Negotiation
Status: Published
Exploitability: 0.5
Weighted Severity: 8.0
Risk: 4.0
System Score Found at
cvssv3.1 5.9 http://packetstormsecurity.com/files/176280/Terrapin-SSH-Connection-Weakening.html
generic_textual MODERATE http://packetstormsecurity.com/files/176280/Terrapin-SSH-Connection-Weakening.html
cvssv3 5.9 https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-46445.json
epss 0.00083 https://api.first.org/data/v1/epss?cve=CVE-2023-46445
epss 0.00112 https://api.first.org/data/v1/epss?cve=CVE-2023-46445
epss 0.00123 https://api.first.org/data/v1/epss?cve=CVE-2023-46445
epss 0.0022 https://api.first.org/data/v1/epss?cve=CVE-2023-46445
epss 0.00459 https://api.first.org/data/v1/epss?cve=CVE-2023-46445
epss 0.00709 https://api.first.org/data/v1/epss?cve=CVE-2023-46445
cvssv3.1_qr MODERATE https://github.com/advisories/GHSA-cfc2-wr2v-gxm5
cvssv3.1 5.3 https://github.com/pypa/advisory-database/tree/main/vulns/asyncssh/PYSEC-2023-237.yaml
generic_textual MODERATE https://github.com/pypa/advisory-database/tree/main/vulns/asyncssh/PYSEC-2023-237.yaml
cvssv3.1 8.1 https://github.com/ronf/asyncssh
generic_textual HIGH https://github.com/ronf/asyncssh
cvssv3.1 5.9 https://github.com/ronf/asyncssh/blob/develop/docs/changes.rst
generic_textual MODERATE https://github.com/ronf/asyncssh/blob/develop/docs/changes.rst
cvssv3.1 8.1 https://github.com/ronf/asyncssh/commit/83e43f5ea3470a8617fc388c72b062c7136efd7e
generic_textual HIGH https://github.com/ronf/asyncssh/commit/83e43f5ea3470a8617fc388c72b062c7136efd7e
cvssv3.1_qr MODERATE https://github.com/ronf/asyncssh/security/advisories/GHSA-cfc2-wr2v-gxm5
cvssv3.1 8.1 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ME34ROZWMDK5KLMZKTSA422XVJZ7IMTE
generic_textual HIGH https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ME34ROZWMDK5KLMZKTSA422XVJZ7IMTE
cvssv3 5.9 https://nvd.nist.gov/vuln/detail/CVE-2023-46445
cvssv3.1 5.9 https://nvd.nist.gov/vuln/detail/CVE-2023-46445
cvssv3.1 8.1 https://security.netapp.com/advisory/ntap-20231222-0001
generic_textual HIGH https://security.netapp.com/advisory/ntap-20231222-0001
cvssv3.1 5.9 https://www.terrapin-attack.com
generic_textual MODERATE https://www.terrapin-attack.com
Reference id Reference type URL
http://packetstormsecurity.com/files/176280/Terrapin-SSH-Connection-Weakening.html
https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-46445.json
https://api.first.org/data/v1/epss?cve=CVE-2023-46445
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-46445
https://github.com/pypa/advisory-database/tree/main/vulns/asyncssh/PYSEC-2023-237.yaml
https://github.com/ronf/asyncssh
https://github.com/ronf/asyncssh/blob/develop/docs/changes.rst
https://github.com/ronf/asyncssh/commit/83e43f5ea3470a8617fc388c72b062c7136efd7e
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ME34ROZWMDK5KLMZKTSA422XVJZ7IMTE
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ME34ROZWMDK5KLMZKTSA422XVJZ7IMTE/
https://security.netapp.com/advisory/ntap-20231222-0001
https://security.netapp.com/advisory/ntap-20231222-0001/
https://www.terrapin-attack.com
1056000 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1056000
2250326 https://bugzilla.redhat.com/show_bug.cgi?id=2250326
cpe:2.3:a:asyncssh_project:asyncssh:*:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:asyncssh_project:asyncssh:*:*:*:*:*:*:*:*
CVE-2023-46445 https://nvd.nist.gov/vuln/detail/CVE-2023-46445
GHSA-cfc2-wr2v-gxm5 https://github.com/advisories/GHSA-cfc2-wr2v-gxm5
GHSA-cfc2-wr2v-gxm5 https://github.com/ronf/asyncssh/security/advisories/GHSA-cfc2-wr2v-gxm5
USN-7108-1 https://usn.ubuntu.com/7108-1/
USN-7108-2 https://usn.ubuntu.com/7108-2/
No exploits are available.
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N Found at http://packetstormsecurity.com/files/176280/Terrapin-SSH-Connection-Weakening.html
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N Found at https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-46445.json
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N Found at https://github.com/pypa/advisory-database/tree/main/vulns/asyncssh/PYSEC-2023-237.yaml
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N Found at https://github.com/ronf/asyncssh
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N Found at https://github.com/ronf/asyncssh/blob/develop/docs/changes.rst
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N Found at https://github.com/ronf/asyncssh/commit/83e43f5ea3470a8617fc388c72b062c7136efd7e
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N Found at https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ME34ROZWMDK5KLMZKTSA422XVJZ7IMTE
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N Found at https://nvd.nist.gov/vuln/detail/CVE-2023-46445
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N Found at https://security.netapp.com/advisory/ntap-20231222-0001
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N Found at https://www.terrapin-attack.com
Exploit Prediction Scoring System (EPSS)
Percentile: 0.36466
EPSS Score: 0.00083
Published At: Nov. 1, 2024, midnight
Date Actor Action Source VulnerableCode Version
There are no relevant records.