CVE-2007-1099

Name: CVE-2007-1099
Creator: NVD / NIST
Published: 2007-02-26T17:28:00+00:00
License: https://creativecommons.org/publicdomain/zero/1.0/

UnknownEPSS 2.10%

Last modified Jun 16, 2026

CVE-2007-1099 is a vulnerability of currently unknown severity. dbclient in Dropbear SSH client before 0.49 does not sufficiently warn the user when it detects a hostkey mismatch, which might allow remote attackers to conduct man-in-the-middle attacks.. EPSS estimates a 2.10% chance of exploitation in the next 30 days.

Description

dbclient in Dropbear SSH client before 0.49 does not sufficiently warn the user when it detects a hostkey mismatch, which might allow remote attackers to conduct man-in-the-middle attacks.

Metrics

EPSS Probability

2.10%

79.4th percentile

Probability of exploitation in the next 30 days. Learn more

Affected Software

Vendor	Product	Versions
Dropbear Ssh Project	Dropbear Ssh	< 0.49

References

http://matt.ucc.asn.au/dropbear/CHANGESVendor Advisory
http://osvdb.org/33814Broken Link
http://secunia.com/advisories/24345Third Party Advisory
http://www.osvdb.org/32088Broken Link
http://www.securityfocus.com/bid/22761Third Party Advisory, VDB Entry
http://www.vupen.com/english/advisories/2007/0785Third Party Advisory
https://exchange.xforce.ibmcloud.com/vulnerabilities/32762Third Party Advisory, VDB Entry
http://matt.ucc.asn.au/dropbear/CHANGESVendor Advisory
http://osvdb.org/33814Broken Link
http://secunia.com/advisories/24345Third Party Advisory
http://www.osvdb.org/32088Broken Link
http://www.securityfocus.com/bid/22761Third Party Advisory, VDB Entry
http://www.vupen.com/english/advisories/2007/0785Third Party Advisory
https://exchange.xforce.ibmcloud.com/vulnerabilities/32762Third Party Advisory, VDB Entry

Timeline

Published: Feb 26, 2007
Last Modified: Jun 16, 2026
Status: Modified

Frequently Asked Questions

What is CVE-2007-1099?

dbclient in Dropbear SSH client before 0.49 does not sufficiently warn the user when it detects a hostkey mismatch, which might allow remote attackers to conduct man-in-the-middle attacks.

How severe is CVE-2007-1099?

Severity scoring for CVE-2007-1099 is pending analysis. The EPSS model estimates a 2.10% probability of exploitation in the next 30 days.

How do I fix CVE-2007-1099?

Check the vendor references and advisories linked above for patched versions and mitigation guidance. You can also run a Strix scan to test if your systems are affected.

Are you affected by CVE-2007-1099?

Run a free Strix scan to check your systems for this vulnerability.

Scan your code now

Source: NVD / NIST