CVE-2013-4436

Name: CVE-2013-4436
Creator: NVD / NIST
Published: 2013-11-05T18:55:04.837+00:00
License: https://creativecommons.org/publicdomain/zero/1.0/

UnknownEPSS 1.82%

Last modified Jun 16, 2026

CVE-2013-4436 is a vulnerability of currently unknown severity. The default configuration for salt-ssh in Salt (aka SaltStack) 0.17.0 does not validate the SSH host key of requests, which allows remote attackers to have unspecified impact via a man-in-the-middle (MITM) attack.. EPSS estimates a 1.82% chance of exploitation in the next 30 days.

Description

The default configuration for salt-ssh in Salt (aka SaltStack) 0.17.0 does not validate the SSH host key of requests, which allows remote attackers to have unspecified impact via a man-in-the-middle (MITM) attack.

Metrics

EPSS Probability

1.82%

76.0th percentile

Probability of exploitation in the next 30 days. Learn more

Weakness Enumeration

CWE-20

Affected Software

Vendor	Product	Versions
Saltstack	Salt	0.17.0

References

http://docs.saltstack.com/topics/releases/0.17.1.htmlPatch, Vendor Advisory
http://www.openwall.com/lists/oss-security/2013/10/18/3
http://docs.saltstack.com/topics/releases/0.17.1.htmlPatch, Vendor Advisory
http://www.openwall.com/lists/oss-security/2013/10/18/3

Timeline

Published: Nov 5, 2013
Last Modified: Jun 16, 2026
Status: Modified

Frequently Asked Questions

What is CVE-2013-4436?

How severe is CVE-2013-4436?

Severity scoring for CVE-2013-4436 is pending analysis. The EPSS model estimates a 1.82% probability of exploitation in the next 30 days.

How do I fix CVE-2013-4436?

Check the vendor references and advisories linked above for patched versions and mitigation guidance. You can also run a Strix scan to test if your systems are affected.

Are you affected by CVE-2013-4436?

Run a free Strix scan to check your systems for this vulnerability.

Scan your code now

Source: NVD / NIST