Vulnerabilities

The following section provides an overview of recent vulnerabilities in SSH clients, servers, and related programs. This information is crucial for understanding potential threats and ensuring the security of your SSH-based systems during malware analysis, security audits, and other projects.

Understanding the common vulnerabilities and their impact is essential for organizations looking to secure their infrastructure and minimize the risk of a successful attack.

Note

Only vulnerabilities, which are included in SSH-MITM, are listed.

The vulnerabilities are divided into 4 categories to show the risk.

Severity	Base Score Range	Description
none	0.0	No risk or not a vulnerability
low	0.1-3.9	Low risk
medium	4.0-6.9	Medium risk
high	7.0-10.0	High risk

• OpenSSH
  • CVSS 9.8 CVE-2023-38408
  • CVSS 9.8 CVE-2023-25136
  • CVSS 3.7 CVE-2021-36368
  • CVSS 7.8 CVE-2020-15778
  • CVSS 5.9 CVE-2020-14145
  • CVSS 5.9 CVE-2019-6111
  • CVSS 6.8 CVE-2019-6110
  • CVSS 6.8 CVE-2019-6109
  • CVSS 5.3 CVE-2016-20012
• PuTTY
  • CVSS 8.1 CVE-2021-36367
  • CVSS 7.5 CVE-2021-33500
  • CVSS 5.9 CVE-2020-14002
• Dropbear
  • CVSS 8.1 CVE-2021-36369
• WinSCP
  • CVSS 5.9 CVE-2019-6111
  • CVSS 6.8 CVE-2019-6110
  • CVSS 6.8 CVE-2019-6109
• Midnight Commander
  • CVSS 7.5 CVE-2021-36370
• rsync
  • CVSS 7.4 CVE-2022-29154
  • CVSS 0.0 CVE-2021-3755
• Rust
  • CVSS 5.3 CVE-2022-46176
• MobaXterm
  • CVSS 8.1 CVE-2022-38336
  • CVSS 9.1 CVE-2022-38337