Strix
26.1K

CVE-2012-5975

UnknownEPSS 35.87%

Last modified

CVE-2012-5975 is a vulnerability of currently unknown severity. The SSH USERAUTH CHANGE REQUEST feature in SSH Tectia Server 6.0.4 through 6.0.20, 6.1.0 through 6.1.12, 6.2.0 through 6.2.5, and 6.3.0 through 6.3.2 on UNIX and Linux, when old-style password authentication is enabled, allows remote attackers to bypass authentication via a crafted session involving entry of blank passwords, as demonstrated by a root login session from a modified OpenSSH client with an added input_userauth_passwd_changereq call in sshconnect2.c.. EPSS estimates a 35.87% chance of exploitation in the next 30 days.

Description

The SSH USERAUTH CHANGE REQUEST feature in SSH Tectia Server 6.0.4 through 6.0.20, 6.1.0 through 6.1.12, 6.2.0 through 6.2.5, and 6.3.0 through 6.3.2 on UNIX and Linux, when old-style password authentication is enabled, allows remote attackers to bypass authentication via a crafted session involving entry of blank passwords, as demonstrated by a root login session from a modified OpenSSH client with an added input_userauth_passwd_changereq call in sshconnect2.c.

Metrics

EPSS Probability
35.87%

98.3th percentile

Probability of exploitation in the next 30 days. Learn more

Weakness Enumeration

Affected Software

VendorProductVersions
SshTectia Server6.0.4
SshTectia Server6.0.5
SshTectia Server6.0.6
SshTectia Server6.0.7
SshTectia Server6.0.8
SshTectia Server6.0.9
SshTectia Server6.0.10
SshTectia Server6.0.11
SshTectia Server6.0.12
SshTectia Server6.0.13
SshTectia Server6.0.14
SshTectia Server6.0.17
SshTectia Server6.0.18
SshTectia Server6.0.19
SshTectia Server6.0.20.
SshTectia Server6.1.0
SshTectia Server6.1.1
SshTectia Server6.1.2
SshTectia Server6.1.3
SshTectia Server6.1.4
SshTectia Server6.1.5
SshTectia Server6.1.6
SshTectia Server6.1.7
SshTectia Server6.1.8
SshTectia Server6.1.9
SshTectia Server6.1.12
SshTectia Server6.2.0
SshTectia Server6.2.1
SshTectia Server6.2.2
SshTectia Server6.2.3
SshTectia Server6.2.4
SshTectia Server6.2.5
SshTectia Server6.3.0
SshTectia Server6.3.1
SshTectia Server6.3.2

References

Timeline

Published
Last Modified
Status
Modified

Frequently Asked Questions

What is CVE-2012-5975?
The SSH USERAUTH CHANGE REQUEST feature in SSH Tectia Server 6.0.4 through 6.0.20, 6.1.0 through 6.1.12, 6.2.0 through 6.2.5, and 6.3.0 through 6.3.2 on UNIX and Linux, when old-style password authentication is enabled, allows remote attackers to bypass authentication via a crafted session involving entry of blank passwords, as demonstrated by a root login session from a modified OpenSSH client with an added input_userauth_passwd_changereq call in sshconnect2.c.
How severe is CVE-2012-5975?
Severity scoring for CVE-2012-5975 is pending analysis. The EPSS model estimates a 35.87% probability of exploitation in the next 30 days.
How do I fix CVE-2012-5975?
Check the vendor references and advisories linked above for patched versions and mitigation guidance. You can also run a Strix scan to test if your systems are affected.

Are you affected by CVE-2012-5975?

Run a free Strix scan to check your systems for this vulnerability.

Scan your code now

Source: NVD / NIST