CVE-2021-36368 — LOW (3.7) — White Hats Nepal

Q: How severe is CVE-2021-36368?

CVE-2021-36368 has been rated LOW with a CVSS base score of 3.7/10. Review the CVSS metrics above for detailed severity breakdown.

Q: Is there a patch for CVE-2021-36368?

Check the references section above for vendor advisories and patch information. Affected products include: Openbsd Openssh, Debian Debian Linux.

Vulnerability Description

An issue was discovered in OpenSSH before 8.9. If a client is using public-key authentication with agent forwarding but without -oLogLevel=verbose, and an attacker has silently modified the server to support the None authentication option, then the user cannot determine whether FIDO authentication is going to confirm that the user wishes to connect to that server, or that the user wishes to allow that server to connect to a different server on the user's behalf. NOTE: the vendor's position is "this is not an authentication bypass, since nothing is being bypassed.

CVSS Score

3.7

LOW

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

LOW

Integrity

NONE

Availability

NONE

Affected Products

Vendor	Product	Versions
Openbsd	Openssh	< 8.9
Debian	Debian Linux	9.0

Related Weaknesses (CWE)

CWE-287

References

https://bugzilla.mindrot.org/show_bug.cgi?id=3316Issue TrackingThird Party Advisory
https://docs.ssh-mitm.at/trivialauth.htmlThird Party Advisory
https://github.com/openssh/openssh-portable/pull/258PatchThird Party Advisory
https://security-tracker.debian.org/tracker/CVE-2021-36368Third Party Advisory
https://www.openssh.com/security.htmlVendor Advisory
https://bugzilla.mindrot.org/show_bug.cgi?id=3316Issue TrackingThird Party Advisory
https://docs.ssh-mitm.at/trivialauth.htmlThird Party Advisory
https://github.com/openssh/openssh-portable/pull/258PatchThird Party Advisory
https://security-tracker.debian.org/tracker/CVE-2021-36368Third Party Advisory
https://www.openssh.com/security.htmlVendor Advisory

FAQ

What is CVE-2021-36368?

CVE-2021-36368 is a vulnerability with a CVSS score of 3.7 (LOW). An issue was discovered in OpenSSH before 8.9. If a client is using public-key authentication with agent forwarding but without -oLogLevel=verbose, and an attacker has silently modified the server to ...

How severe is CVE-2021-36368?

CVE-2021-36368 has been rated LOW with a CVSS base score of 3.7/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2021-36368?

Check the references section above for vendor advisories and patch information. Affected products include: Openbsd Openssh, Debian Debian Linux.