Vulnerability Details : CVE-2012-5975
The SSH USERAUTH CHANGE REQUEST feature in SSH Tectia Server 6.0.4 through 6.0.20, 6.1.0 through 6.1.12, 6.2.0 through 6.2.5, and 6.3.0 through 6.3.2 on UNIX and Linux, when old-style password authentication is enabled, allows remote attackers to bypass authentication via a crafted session involving entry of blank passwords, as demonstrated by a root login session from a modified OpenSSH client with an added input_userauth_passwd_changereq call in sshconnect2.c.
Vulnerability category: BypassGain privilege
Public exploit exists!
Exploit prediction scoring system (EPSS) score for CVE-2012-5975
Probability of exploitation activity in the next 30 days: 49.14%
Percentile, the proportion of vulnerabilities that are scored at or less: ~ 97 % EPSS Score History EPSS FAQ
Metasploit modules for CVE-2012-5975
-
Tectia SSH USERAUTH Change Request Password Reset Vulnerability
Disclosure Date: 2012-12-01First seen: 2020-04-26exploit/unix/ssh/tectia_passwd_changereqThis module exploits a vulnerability in Tectia SSH server for Unix-based platforms. The bug is caused by a SSH2_MSG_USERAUTH_PASSWD_CHANGEREQ request before password authentication, allowing any remote user to bypass the login routine, and then gain access as root
CVSS scores for CVE-2012-5975
| Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Source |
|---|---|---|---|---|---|
|
9.3
|
HIGH | AV:N/AC:M/Au:N/C:C/I:C/A:C |
8.6
|
10.0
|
nvd@nist.gov |
CWE ids for CVE-2012-5975
-
When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct.Assigned by: nvd@nist.gov (Primary)
References for CVE-2012-5975
-
http://archives.neohapsis.com/archives/fulldisclosure/2012-12/0013.html
-
https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/unix/ssh/tectia_passwd_changereq.rb
metasploit-framework/tectia_passwd_changereq.rb at master · rapid7/metasploit-framework · GitHubExploit
-
http://www.exploit-db.com/exploits/23082/
(SSH.com Communications) SSH Tectia (SSH < 2.0-6.1.9.95 / Tectia 6.1.9.95) - Remote Authentication Bypass - Linux remote Exploit
-
http://archives.neohapsis.com/archives/fulldisclosure/2012-12/0065.html
Products affected by CVE-2012-5975
- cpe:2.3:a:ssh:tectia_server:6.0.4:*:*:*:*:*:*:*When used together with: Linux » Linux Kernel
- cpe:2.3:a:ssh:tectia_server:6.0.13:*:*:*:*:*:*:*When used together with: Linux » Linux Kernel
- cpe:2.3:a:ssh:tectia_server:6.0.12:*:*:*:*:*:*:*When used together with: Linux » Linux Kernel
- cpe:2.3:a:ssh:tectia_server:6.0.11:*:*:*:*:*:*:*When used together with: Linux » Linux Kernel
- cpe:2.3:a:ssh:tectia_server:6.0.7:*:*:*:*:*:*:*When used together with: Linux » Linux Kernel
- cpe:2.3:a:ssh:tectia_server:6.1.3:*:*:*:*:*:*:*When used together with: Linux » Linux Kernel
- cpe:2.3:a:ssh:tectia_server:6.1.2:*:*:*:*:*:*:*When used together with: Linux » Linux Kernel
- cpe:2.3:a:ssh:tectia_server:6.1.0:*:*:*:*:*:*:*When used together with: Linux » Linux Kernel
- cpe:2.3:a:ssh:tectia_server:6.1.6:*:*:*:*:*:*:*When used together with: Linux » Linux Kernel
- cpe:2.3:a:ssh:tectia_server:6.1.1:*:*:*:*:*:*:*When used together with: Linux » Linux Kernel
- cpe:2.3:a:ssh:tectia_server:6.0.18:*:*:*:*:*:*:*When used together with: Linux » Linux Kernel
- cpe:2.3:a:ssh:tectia_server:6.0.14:*:*:*:*:*:*:*When used together with: Linux » Linux Kernel
- cpe:2.3:a:ssh:tectia_server:6.0.6:*:*:*:*:*:*:*When used together with: Linux » Linux Kernel
- cpe:2.3:a:ssh:tectia_server:6.0.9:*:*:*:*:*:*:*When used together with: Linux » Linux Kernel
- cpe:2.3:a:ssh:tectia_server:6.1.7:*:*:*:*:*:*:*When used together with: Linux » Linux Kernel
- cpe:2.3:a:ssh:tectia_server:6.1.4:*:*:*:*:*:*:*When used together with: Linux » Linux Kernel
- cpe:2.3:a:ssh:tectia_server:6.2.4:*:*:*:*:*:*:*When used together with: Linux » Linux Kernel
- cpe:2.3:a:ssh:tectia_server:6.2.2:*:*:*:*:*:*:*When used together with: Linux » Linux Kernel
- cpe:2.3:a:ssh:tectia_server:6.3.0:*:*:*:*:*:*:*When used together with: Linux » Linux Kernel
- cpe:2.3:a:ssh:tectia_server:6.0.5:*:*:*:*:*:*:*When used together with: Linux » Linux Kernel
- cpe:2.3:a:ssh:tectia_server:6.0.20.:*:*:*:*:*:*:*When used together with: Linux » Linux Kernel
- cpe:2.3:a:ssh:tectia_server:6.1.12:*:*:*:*:*:*:*When used together with: Linux » Linux Kernel
- cpe:2.3:a:ssh:tectia_server:6.1.9:*:*:*:*:*:*:*When used together with: Linux » Linux Kernel
- cpe:2.3:a:ssh:tectia_server:6.2.1:*:*:*:*:*:*:*When used together with: Linux » Linux Kernel
- cpe:2.3:a:ssh:tectia_server:6.2.0:*:*:*:*:*:*:*When used together with: Linux » Linux Kernel
- cpe:2.3:a:ssh:tectia_server:6.3.2:*:*:*:*:*:*:*When used together with: Linux » Linux Kernel
- cpe:2.3:a:ssh:tectia_server:6.3.1:*:*:*:*:*:*:*When used together with: Linux » Linux Kernel
- cpe:2.3:a:ssh:tectia_server:6.0.19:*:*:*:*:*:*:*When used together with: Linux » Linux Kernel
- cpe:2.3:a:ssh:tectia_server:6.0.17:*:*:*:*:*:*:*When used together with: Linux » Linux Kernel
- cpe:2.3:a:ssh:tectia_server:6.0.10:*:*:*:*:*:*:*When used together with: Linux » Linux Kernel
- cpe:2.3:a:ssh:tectia_server:6.0.8:*:*:*:*:*:*:*When used together with: Linux » Linux Kernel
- cpe:2.3:a:ssh:tectia_server:6.1.8:*:*:*:*:*:*:*When used together with: Linux » Linux Kernel
- cpe:2.3:a:ssh:tectia_server:6.1.5:*:*:*:*:*:*:*When used together with: Linux » Linux Kernel
- cpe:2.3:a:ssh:tectia_server:6.2.5:*:*:*:*:*:*:*When used together with: Linux » Linux Kernel
- cpe:2.3:a:ssh:tectia_server:6.2.3:*:*:*:*:*:*:*When used together with: Linux » Linux Kernel