Vulnerability Details : CVE-2012-5975
Public exploit exists!
The SSH USERAUTH CHANGE REQUEST feature in SSH Tectia Server 6.0.4 through 6.0.20, 6.1.0 through 6.1.12, 6.2.0 through 6.2.5, and 6.3.0 through 6.3.2 on UNIX and Linux, when old-style password authentication is enabled, allows remote attackers to bypass authentication via a crafted session involving entry of blank passwords, as demonstrated by a root login session from a modified OpenSSH client with an added input_userauth_passwd_changereq call in sshconnect2.c.
Vulnerability category: Bypass, Gain privilege
Products affected by CVE-2012-5975
- cpe:2.3:a:ssh:tectia_server:6.0.4:*:*:*:*:*:*:* (when used together with: Linux » Linux Kernel)
- cpe:2.3:a:ssh:tectia_server:6.0.13:*:*:*:*:*:*:* (when used together with: Linux » Linux Kernel)
- cpe:2.3:a:ssh:tectia_server:6.0.12:*:*:*:*:*:*:* (when used together with: Linux » Linux Kernel)
- cpe:2.3:a:ssh:tectia_server:6.0.11:*:*:*:*:*:*:* (when used together with: Linux » Linux Kernel)
- cpe:2.3:a:ssh:tectia_server:6.0.7:*:*:*:*:*:*:* (when used together with: Linux » Linux Kernel)
- cpe:2.3:a:ssh:tectia_server:6.1.3:*:*:*:*:*:*:* (when used together with: Linux » Linux Kernel)
- cpe:2.3:a:ssh:tectia_server:6.1.2:*:*:*:*:*:*:* (when used together with: Linux » Linux Kernel)
- cpe:2.3:a:ssh:tectia_server:6.1.0:*:*:*:*:*:*:* (when used together with: Linux » Linux Kernel)
- cpe:2.3:a:ssh:tectia_server:6.1.6:*:*:*:*:*:*:* (when used together with: Linux » Linux Kernel)
- cpe:2.3:a:ssh:tectia_server:6.1.1:*:*:*:*:*:*:* (when used together with: Linux » Linux Kernel)
- cpe:2.3:a:ssh:tectia_server:6.0.18:*:*:*:*:*:*:* (when used together with: Linux » Linux Kernel)
- cpe:2.3:a:ssh:tectia_server:6.0.14:*:*:*:*:*:*:* (when used together with: Linux » Linux Kernel)
- cpe:2.3:a:ssh:tectia_server:6.0.6:*:*:*:*:*:*:* (when used together with: Linux » Linux Kernel)
- cpe:2.3:a:ssh:tectia_server:6.0.9:*:*:*:*:*:*:* (when used together with: Linux » Linux Kernel)
- cpe:2.3:a:ssh:tectia_server:6.1.7:*:*:*:*:*:*:* (when used together with: Linux » Linux Kernel)
- cpe:2.3:a:ssh:tectia_server:6.1.4:*:*:*:*:*:*:* (when used together with: Linux » Linux Kernel)
- cpe:2.3:a:ssh:tectia_server:6.2.4:*:*:*:*:*:*:* (when used together with: Linux » Linux Kernel)
- cpe:2.3:a:ssh:tectia_server:6.2.2:*:*:*:*:*:*:* (when used together with: Linux » Linux Kernel)
- cpe:2.3:a:ssh:tectia_server:6.3.0:*:*:*:*:*:*:* (when used together with: Linux » Linux Kernel)
- cpe:2.3:a:ssh:tectia_server:6.0.5:*:*:*:*:*:*:* (when used together with: Linux » Linux Kernel)
- cpe:2.3:a:ssh:tectia_server:6.0.20.:*:*:*:*:*:*:* (when used together with: Linux » Linux Kernel)
- cpe:2.3:a:ssh:tectia_server:6.1.12:*:*:*:*:*:*:* (when used together with: Linux » Linux Kernel)
- cpe:2.3:a:ssh:tectia_server:6.1.9:*:*:*:*:*:*:* (when used together with: Linux » Linux Kernel)
- cpe:2.3:a:ssh:tectia_server:6.2.1:*:*:*:*:*:*:* (when used together with: Linux » Linux Kernel)
- cpe:2.3:a:ssh:tectia_server:6.2.0:*:*:*:*:*:*:* (when used together with: Linux » Linux Kernel)
- cpe:2.3:a:ssh:tectia_server:6.3.2:*:*:*:*:*:*:* (when used together with: Linux » Linux Kernel)
- cpe:2.3:a:ssh:tectia_server:6.3.1:*:*:*:*:*:*:* (when used together with: Linux » Linux Kernel)
- cpe:2.3:a:ssh:tectia_server:6.0.19:*:*:*:*:*:*:* (when used together with: Linux » Linux Kernel)
- cpe:2.3:a:ssh:tectia_server:6.0.17:*:*:*:*:*:*:* (when used together with: Linux » Linux Kernel)
- cpe:2.3:a:ssh:tectia_server:6.0.10:*:*:*:*:*:*:* (when used together with: Linux » Linux Kernel)
- cpe:2.3:a:ssh:tectia_server:6.0.8:*:*:*:*:*:*:* (when used together with: Linux » Linux Kernel)
- cpe:2.3:a:ssh:tectia_server:6.1.8:*:*:*:*:*:*:* (when used together with: Linux » Linux Kernel)
- cpe:2.3:a:ssh:tectia_server:6.1.5:*:*:*:*:*:*:* (when used together with: Linux » Linux Kernel)
- cpe:2.3:a:ssh:tectia_server:6.2.5:*:*:*:*:*:*:* (when used together with: Linux » Linux Kernel)
- cpe:2.3:a:ssh:tectia_server:6.2.3:*:*:*:*:*:*:* (when used together with: Linux » Linux Kernel)
Exploit prediction scoring system (EPSS) score for CVE-2012-5975
- EPSS score: 47.91% (probability of exploitation activity in the next 30 days)
- Percentile: ~98% (the proportion of vulnerabilities that are scored at or less)
Metasploit modules for CVE-2012-5975
- Tectia SSH USERAUTH Change Request Password Reset Vulnerability
  Disclosure Date: 2012-12-01. First seen: 2020-04-26. Module: exploit/unix/ssh/tectia_passwd_changereq
  This module exploits a vulnerability in Tectia SSH server for Unix-based platforms. The bug is caused by a SSH2_MSG_USERAUTH_PASSWD_CHANGEREQ request before password authentication, allowing any remote user to bypass the login routine, and then gain access as root.
CVSS scores for CVE-2012-5975
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
9.3 | HIGH | AV:N/AC:M/Au:N/C:C/I:C/A:C | 8.6 | 10.0 | NIST | |
CWE ids for CVE-2012-5975
- When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct. Assigned by: nvd@nist.gov (Primary)
References for CVE-2012-5975
- http://archives.neohapsis.com/archives/fulldisclosure/2012-12/0013.html
- https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/unix/ssh/tectia_passwd_changereq.rb
  metasploit-framework/tectia_passwd_changereq.rb at master · rapid7/metasploit-framework · GitHub (Exploit)
- http://www.exploit-db.com/exploits/23082/
  (SSH.com Communications) SSH Tectia (SSH < 2.0-6.1.9.95 / Tectia 6.1.9.95) - Remote Authentication Bypass - Linux remote Exploit
- http://archives.neohapsis.com/archives/fulldisclosure/2012-12/0065.html