Search for vulnerabilities
Vulnerability details: VCID-vbdx-78da-aaak
Vulnerability ID VCID-vbdx-78da-aaak
Aliases CVE-2016-7406
Summary Format string vulnerability in Dropbear SSH before 2016.74 allows remote attackers to execute arbitrary code via format string specifiers in the (1) username or (2) host argument.
Status Published
Exploitability 0.5
Weighted Severity 9.0
Risk 4.5
Affected and Fixed Packages Package Details
Weaknesses (1)
CWE-20 Improper Input Validation
System Score Found at
generic_textual Low http://people.canonical.com/~ubuntu-security/cve/2016/CVE-2016-7406.html
epss 0.02911 https://api.first.org/data/v1/epss?cve=CVE-2016-7406
epss 0.02911 https://api.first.org/data/v1/epss?cve=CVE-2016-7406
epss 0.02911 https://api.first.org/data/v1/epss?cve=CVE-2016-7406
epss 0.02911 https://api.first.org/data/v1/epss?cve=CVE-2016-7406
epss 0.02911 https://api.first.org/data/v1/epss?cve=CVE-2016-7406
epss 0.02911 https://api.first.org/data/v1/epss?cve=CVE-2016-7406
epss 0.02911 https://api.first.org/data/v1/epss?cve=CVE-2016-7406
epss 0.02911 https://api.first.org/data/v1/epss?cve=CVE-2016-7406
epss 0.02911 https://api.first.org/data/v1/epss?cve=CVE-2016-7406
epss 0.02911 https://api.first.org/data/v1/epss?cve=CVE-2016-7406
epss 0.02911 https://api.first.org/data/v1/epss?cve=CVE-2016-7406
epss 0.03115 https://api.first.org/data/v1/epss?cve=CVE-2016-7406
epss 0.03115 https://api.first.org/data/v1/epss?cve=CVE-2016-7406
epss 0.03115 https://api.first.org/data/v1/epss?cve=CVE-2016-7406
epss 0.03115 https://api.first.org/data/v1/epss?cve=CVE-2016-7406
epss 0.08147 https://api.first.org/data/v1/epss?cve=CVE-2016-7406
epss 0.08147 https://api.first.org/data/v1/epss?cve=CVE-2016-7406
epss 0.08147 https://api.first.org/data/v1/epss?cve=CVE-2016-7406
epss 0.08147 https://api.first.org/data/v1/epss?cve=CVE-2016-7406
epss 0.08147 https://api.first.org/data/v1/epss?cve=CVE-2016-7406
epss 0.08147 https://api.first.org/data/v1/epss?cve=CVE-2016-7406
epss 0.08147 https://api.first.org/data/v1/epss?cve=CVE-2016-7406
epss 0.08147 https://api.first.org/data/v1/epss?cve=CVE-2016-7406
epss 0.08147 https://api.first.org/data/v1/epss?cve=CVE-2016-7406
epss 0.08147 https://api.first.org/data/v1/epss?cve=CVE-2016-7406
epss 0.08147 https://api.first.org/data/v1/epss?cve=CVE-2016-7406
epss 0.08147 https://api.first.org/data/v1/epss?cve=CVE-2016-7406
epss 0.1035 https://api.first.org/data/v1/epss?cve=CVE-2016-7406
epss 0.1035 https://api.first.org/data/v1/epss?cve=CVE-2016-7406
epss 0.1035 https://api.first.org/data/v1/epss?cve=CVE-2016-7406
epss 0.1035 https://api.first.org/data/v1/epss?cve=CVE-2016-7406
epss 0.1035 https://api.first.org/data/v1/epss?cve=CVE-2016-7406
epss 0.1035 https://api.first.org/data/v1/epss?cve=CVE-2016-7406
epss 0.1035 https://api.first.org/data/v1/epss?cve=CVE-2016-7406
epss 0.1035 https://api.first.org/data/v1/epss?cve=CVE-2016-7406
epss 0.1035 https://api.first.org/data/v1/epss?cve=CVE-2016-7406
epss 0.1035 https://api.first.org/data/v1/epss?cve=CVE-2016-7406
epss 0.1035 https://api.first.org/data/v1/epss?cve=CVE-2016-7406
epss 0.1035 https://api.first.org/data/v1/epss?cve=CVE-2016-7406
epss 0.1035 https://api.first.org/data/v1/epss?cve=CVE-2016-7406
epss 0.1035 https://api.first.org/data/v1/epss?cve=CVE-2016-7406
epss 0.1035 https://api.first.org/data/v1/epss?cve=CVE-2016-7406
epss 0.1035 https://api.first.org/data/v1/epss?cve=CVE-2016-7406
epss 0.1035 https://api.first.org/data/v1/epss?cve=CVE-2016-7406
epss 0.1035 https://api.first.org/data/v1/epss?cve=CVE-2016-7406
epss 0.1035 https://api.first.org/data/v1/epss?cve=CVE-2016-7406
epss 0.1035 https://api.first.org/data/v1/epss?cve=CVE-2016-7406
epss 0.1035 https://api.first.org/data/v1/epss?cve=CVE-2016-7406
epss 0.1035 https://api.first.org/data/v1/epss?cve=CVE-2016-7406
epss 0.1035 https://api.first.org/data/v1/epss?cve=CVE-2016-7406
epss 0.1035 https://api.first.org/data/v1/epss?cve=CVE-2016-7406
epss 0.1035 https://api.first.org/data/v1/epss?cve=CVE-2016-7406
epss 0.1035 https://api.first.org/data/v1/epss?cve=CVE-2016-7406
epss 0.1035 https://api.first.org/data/v1/epss?cve=CVE-2016-7406
epss 0.1035 https://api.first.org/data/v1/epss?cve=CVE-2016-7406
epss 0.1035 https://api.first.org/data/v1/epss?cve=CVE-2016-7406
epss 0.1035 https://api.first.org/data/v1/epss?cve=CVE-2016-7406
epss 0.1035 https://api.first.org/data/v1/epss?cve=CVE-2016-7406
epss 0.1035 https://api.first.org/data/v1/epss?cve=CVE-2016-7406
epss 0.1035 https://api.first.org/data/v1/epss?cve=CVE-2016-7406
epss 0.1035 https://api.first.org/data/v1/epss?cve=CVE-2016-7406
epss 0.1035 https://api.first.org/data/v1/epss?cve=CVE-2016-7406
epss 0.1035 https://api.first.org/data/v1/epss?cve=CVE-2016-7406
epss 0.1035 https://api.first.org/data/v1/epss?cve=CVE-2016-7406
epss 0.1035 https://api.first.org/data/v1/epss?cve=CVE-2016-7406
epss 0.1035 https://api.first.org/data/v1/epss?cve=CVE-2016-7406
epss 0.1035 https://api.first.org/data/v1/epss?cve=CVE-2016-7406
epss 0.1035 https://api.first.org/data/v1/epss?cve=CVE-2016-7406
epss 0.1035 https://api.first.org/data/v1/epss?cve=CVE-2016-7406
epss 0.1035 https://api.first.org/data/v1/epss?cve=CVE-2016-7406
epss 0.1035 https://api.first.org/data/v1/epss?cve=CVE-2016-7406
epss 0.21679 https://api.first.org/data/v1/epss?cve=CVE-2016-7406
generic_textual Low https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7406
cvssv2 10.0 https://nvd.nist.gov/vuln/detail/CVE-2016-7406
cvssv3 9.8 https://nvd.nist.gov/vuln/detail/CVE-2016-7406
generic_textual Low https://secure.ucc.asn.au/hg/dropbear/rev/b66a483f3dcb
generic_textual Low http://www.openwall.com/lists/oss-security/2016/09/14/7
Reference id Reference type URL
http://people.canonical.com/~ubuntu-security/cve/2016/CVE-2016-7406.html
https://api.first.org/data/v1/epss?cve=CVE-2016-7406
https://bugzilla.redhat.com/show_bug.cgi?id=1376353
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7406
https://secure.ucc.asn.au/hg/dropbear/rev/b66a483f3dcb
https://security.gentoo.org/glsa/201702-23
http://www.openwall.com/lists/oss-security/2016/09/14/7
http://www.openwall.com/lists/oss-security/2016/09/15/2
http://www.securityfocus.com/bid/92974
cpe:2.3:a:dropbear_ssh_project:dropbear_ssh:*:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:dropbear_ssh_project:dropbear_ssh:*:*:*:*:*:*:*:*
CVE-2016-7406 https://nvd.nist.gov/vuln/detail/CVE-2016-7406
No exploits are available.
Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C Found at https://nvd.nist.gov/vuln/detail/CVE-2016-7406
Exploitability (E) Access Vector (AV) Access Complexity (AC) Authentication (Au) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

high

functional

unproven

proof_of_concept

not_defined

local

adjacent_network

network

high

medium

low

multiple

single

none

none

partial

complete

none

partial

complete

none

partial

complete
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Found at https://nvd.nist.gov/vuln/detail/CVE-2016-7406
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Exploit Prediction Scoring System (EPSS)
Percentile 0.91058
EPSS Score 0.02911
Published At Nov. 1, 2024, midnight
Date Actor Action Source VulnerableCode Version
There are no relevant records.