Vulnerability Description
The SSH-1 protocol allows remote servers to conduct man-in-the-middle attacks and replay a client challenge response to a target server by creating a Session ID that matches the Session ID of the target, but which uses a public key pair that is weaker than the target's public key, which allows the attacker to compute the corresponding private key and use the target's Session ID with the compromised key pair to masquerade as the target.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Ssh | Ssh | 1.2.24 |
Related Weaknesses (CWE)
References
- http://www.kb.cert.org/vuls/id/684820US Government Resource
- https://exchange.xforce.ibmcloud.com/vulnerabilities/6603
- http://www.kb.cert.org/vuls/id/684820US Government Resource
- https://exchange.xforce.ibmcloud.com/vulnerabilities/6603
FAQ
What is CVE-2001-1473?
CVE-2001-1473 is a vulnerability with a CVSS score of 7.5 (HIGH). The SSH-1 protocol allows remote servers to conduct man-in-the-middle attacks and replay a client challenge response to a target server by creating a Session ID that matches the Session ID of the targ...
How severe is CVE-2001-1473?
CVE-2001-1473 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2001-1473?
Check the references section above for vendor advisories and patch information. Affected products include: Ssh Ssh.