Vulnerability details: VCID-yj28-6t8n-fyd7
Vulnerability ID VCID-yj28-6t8n-fyd7
Aliases CVE-2023-46445
GHSA-cfc2-wr2v-gxm5
PYSEC-2023-237
Summary An issue in AsyncSSH v2.14.0 and earlier allows attackers to control the extension info message (RFC 8308) via a man-in-the-middle attack.
Status Published
Exploitability 0.5
Weighted Severity 6.2
Risk 3.1
Weaknesses (5)
System Score Found at
cvssv3.1 5.3 http://packetstormsecurity.com/files/176280/Terrapin-SSH-Connection-Weakening.html
generic_textual MODERATE http://packetstormsecurity.com/files/176280/Terrapin-SSH-Connection-Weakening.html
cvssv3 5.9 https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-46445.json
epss 0.00422 https://api.first.org/data/v1/epss?cve=CVE-2023-46445
cvssv3.1 5.3 https://github.com/advisories/GHSA-cfc2-wr2v-gxm5
cvssv3.1_qr MODERATE https://github.com/advisories/GHSA-cfc2-wr2v-gxm5
generic_textual MODERATE https://github.com/advisories/GHSA-cfc2-wr2v-gxm5
cvssv3.1 5.3 https://github.com/pypa/advisory-database/tree/main/vulns/asyncssh/PYSEC-2023-237.yaml
generic_textual MODERATE https://github.com/pypa/advisory-database/tree/main/vulns/asyncssh/PYSEC-2023-237.yaml
cvssv3.1 5.3 https://github.com/ronf/asyncssh
generic_textual MODERATE https://github.com/ronf/asyncssh
cvssv3.1 5.3 https://github.com/ronf/asyncssh/blob/develop/docs/changes.rst
generic_textual MODERATE https://github.com/ronf/asyncssh/blob/develop/docs/changes.rst
cvssv3.1 5.3 https://github.com/ronf/asyncssh/commit/83e43f5ea3470a8617fc388c72b062c7136efd7e
generic_textual MODERATE https://github.com/ronf/asyncssh/commit/83e43f5ea3470a8617fc388c72b062c7136efd7e
cvssv3.1 5.3 https://github.com/ronf/asyncssh/security/advisories/GHSA-cfc2-wr2v-gxm5
cvssv3.1 5.9 https://github.com/ronf/asyncssh/security/advisories/GHSA-cfc2-wr2v-gxm5
cvssv3.1_qr MODERATE https://github.com/ronf/asyncssh/security/advisories/GHSA-cfc2-wr2v-gxm5
generic_textual MODERATE https://github.com/ronf/asyncssh/security/advisories/GHSA-cfc2-wr2v-gxm5
cvssv3.1 5.3 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ME34ROZWMDK5KLMZKTSA422XVJZ7IMTE
generic_textual MODERATE https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ME34ROZWMDK5KLMZKTSA422XVJZ7IMTE
cvssv3.1 5.3 https://nvd.nist.gov/vuln/detail/CVE-2023-46445
cvssv3.1 5.9 https://nvd.nist.gov/vuln/detail/CVE-2023-46445
generic_textual MODERATE https://nvd.nist.gov/vuln/detail/CVE-2023-46445
cvssv3.1 5.3 https://security.netapp.com/advisory/ntap-20231222-0001
generic_textual MODERATE https://security.netapp.com/advisory/ntap-20231222-0001
cvssv3.1 5.3 https://www.terrapin-attack.com
generic_textual MODERATE https://www.terrapin-attack.com
Reference id Reference type URL
http://packetstormsecurity.com/files/176280/Terrapin-SSH-Connection-Weakening.html
https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-46445.json
https://api.first.org/data/v1/epss?cve=CVE-2023-46445
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-46445
https://github.com/advisories/GHSA-cfc2-wr2v-gxm5
https://github.com/pypa/advisory-database/tree/main/vulns/asyncssh/PYSEC-2023-237.yaml
https://github.com/ronf/asyncssh
https://github.com/ronf/asyncssh/blob/develop/docs/changes.rst
https://github.com/ronf/asyncssh/commit/83e43f5ea3470a8617fc388c72b062c7136efd7e
https://github.com/ronf/asyncssh/security/advisories/GHSA-cfc2-wr2v-gxm5
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ME34ROZWMDK5KLMZKTSA422XVJZ7IMTE
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ME34ROZWMDK5KLMZKTSA422XVJZ7IMTE/
https://nvd.nist.gov/vuln/detail/CVE-2023-46445
https://security.netapp.com/advisory/ntap-20231222-0001
https://security.netapp.com/advisory/ntap-20231222-0001/
https://www.terrapin-attack.com
1056000 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1056000
2250326 https://bugzilla.redhat.com/show_bug.cgi?id=2250326
cpe:2.3:a:asyncssh_project:asyncssh:*:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:asyncssh_project:asyncssh:*:*:*:*:*:*:*:*
USN-7108-1 https://usn.ubuntu.com/7108-1/
USN-7108-2 https://usn.ubuntu.com/7108-2/
No exploits are available.
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N Found at http://packetstormsecurity.com/files/176280/Terrapin-SSH-Connection-Weakening.html
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N Found at https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-46445.json
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N Found at https://github.com/advisories/GHSA-cfc2-wr2v-gxm5
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N Found at https://github.com/pypa/advisory-database/tree/main/vulns/asyncssh/PYSEC-2023-237.yaml
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N Found at https://github.com/ronf/asyncssh
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N Found at https://github.com/ronf/asyncssh/blob/develop/docs/changes.rst
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N Found at https://github.com/ronf/asyncssh/commit/83e43f5ea3470a8617fc388c72b062c7136efd7e
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N Found at https://github.com/ronf/asyncssh/security/advisories/GHSA-cfc2-wr2v-gxm5
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N Found at https://github.com/ronf/asyncssh/security/advisories/GHSA-cfc2-wr2v-gxm5
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N Found at https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ME34ROZWMDK5KLMZKTSA422XVJZ7IMTE
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N Found at https://nvd.nist.gov/vuln/detail/CVE-2023-46445
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N Found at https://nvd.nist.gov/vuln/detail/CVE-2023-46445
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N Found at https://security.netapp.com/advisory/ntap-20231222-0001
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N Found at https://www.terrapin-attack.com
Exploit Prediction Scoring System (EPSS)
Percentile 0.61231
EPSS Score 0.00422
Published At July 30, 2025, 12:55 p.m.
Date Actor Action Source VulnerableCode Version
2025-07-31T08:24:05.211845+00:00 Pypa Importer Import https://github.com/pypa/advisory-database/blob/main/vulns/asyncssh/PYSEC-2023-237.yaml 37.0.0