Vulnerability Details : CVE-2015-5600
Potential exploit
The kbdint_next_device function in auth2-chall.c in sshd in OpenSSH through 6.9 does not properly restrict the processing of keyboard-interactive devices within a single connection, which makes it easier for remote attackers to conduct brute-force attacks or cause a denial of service (CPU consumption) via a long and duplicative list in the ssh -oKbdInteractiveDevices option, as demonstrated by a modified client that provides a different password for each pam element on this list.
Vulnerability category: Denial of service
Products affected by CVE-2015-5600
- cpe:2.3:a:openbsd:openssh:*:*:*:*:*:*:*:*
Threat overview for CVE-2015-5600
Top countries where our scanners detected CVE-2015-5600
Top open port discovered on systems with this issue
22
IPs affected by CVE-2015-5600 2,622,211
Threat actors abusing to this issue?
Yes
Find out if you* are
affected by CVE-2015-5600!
*Directly or indirectly through your vendors, service providers and 3rd parties.
Powered by
attack surface intelligence
from SecurityScorecard.
Exploit prediction scoring system (EPSS) score for CVE-2015-5600
40.12%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 97 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2015-5600
| Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
|---|---|---|---|---|---|---|
|
8.5
|
HIGH | AV:N/AC:L/Au:N/C:P/I:N/A:C |
10.0
|
7.8
|
NIST |
CWE ids for CVE-2015-5600
-
Assigned by: nvd@nist.gov (Primary)
References for CVE-2015-5600
-
https://kc.mcafee.com/corporate/index?page=content&id=SB10157
McAfee Security Bulletin: Network Security Virtual Platform update resolves OpenSSH vulnerability that bypasses authentication restrictions defined by MaxAuthTries
-
http://cvsweb.openbsd.org/cgi-bin/cvsweb/src/usr.bin/ssh/auth2-chall.c
CVS log for src/usr.bin/ssh/auth2-chall.c
-
http://cvsweb.openbsd.org/cgi-bin/cvsweb/src/usr.bin/ssh/auth2-chall.c.diff?r1=1.42&r2=1.43&f=h
src/usr.bin/ssh/auth2-chall.c - diff - 1.43
-
https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04952480
HPSBHF03539 rev.1 - HPE VCX running OpenSSH or BIND, Remote Denial of Service (DoS)
-
http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10697
Juniper Networks - 2015-10 Security Bulletin: Junos: OpenSSH brute force keyboard interactive MaxAuthTries bypass (CVE-2015-5600)
-
http://lists.fedoraproject.org/pipermail/package-announce/2015-July/162955.html
[SECURITY] Fedora 22 Update: openssh-6.9p1-3.fc22
-
http://www.securityfocus.com/bid/91787
Oracle July 2016 Critical Patch Update Multiple Vulnerabilities
-
http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html
Oracle Solaris Third Party Bulletin - October 2015
-
http://openwall.com/lists/oss-security/2015/07/23/4
oss-security - Re: CVE Request for OpenSSH vulnerability - authentication limits bypass
-
http://www.ubuntu.com/usn/USN-2710-1
USN-2710-1: OpenSSH vulnerabilities | Ubuntu security notices
-
https://www.arista.com/en/support/advisories-notices/security-advisories/1174-security-advisory-12
Security Advisory 0012 - Arista
-
http://rhn.redhat.com/errata/RHSA-2016-0466.html
RHSA-2016:0466 - Security Advisory - Red Hat Customer Portal
-
https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05157667
HPSBMU03607 rev.1 - HPE BladeSystem c-Class Virtual Connect (VC) Firmware, Remote Denial of Service (DoS), Disclosure of Information, Cross-Site Request Forgery (CSRF)
-
https://security.gentoo.org/glsa/201512-04
OpenSSH: Multiple vulnerabilities (GLSA 201512-04) — Gentoo security
-
https://support.apple.com/kb/HT205031
About the security content of OS X Yosemite v10.10.5 and Security Update 2015-006 - Apple Support
-
http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html
Oracle Critical Patch Update - July 2016
-
http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html
Oracle Linux Bulletin - October 2015
-
http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html
Oracle Linux Bulletin - April 2016
-
https://security.netapp.com/advisory/ntap-20151106-0001/
CVE-2015-5600 OpenSSH MaxAuthTries Bypass Vulnerability in NetApp Products | NetApp Product Security
-
http://www.securitytracker.com/id/1032988
OpenSSH 'KbdInteractiveDevices' Lets Remote Users Bypass Security Restrictions on the Target System - SecurityTracker
-
http://lists.apple.com/archives/security-announce/2015/Aug/msg00001.html
Apple - Lists.apple.com
-
http://seclists.org/fulldisclosure/2015/Jul/92
Full Disclosure: OpenSSH keyboard-interactive authentication brute force vulnerability (MaxAuthTries bypass)Exploit
-
http://www.securityfocus.com/bid/92012
RETIRED: Oracle Integrated Lights Out Manager CVE-2015-5600 Remote Security Vulnerability
-
http://lists.opensuse.org/opensuse-security-announce/2015-09/msg00017.html
[security-announce] SUSE-SU-2015:1581-1: important: Security update for
-
http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html
CPU July 2018
-
http://lists.fedoraproject.org/pipermail/package-announce/2015-August/165170.html
[SECURITY] Fedora 21 Update: openssh-6.6.1p1-16.fc21
-
https://kc.mcafee.com/corporate/index?page=content&id=SB10136
-
http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html
Oracle VM Server for x86 Bulletin - July 2016
-
https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf
-
http://www.ubuntu.com/usn/USN-2710-2
USN-2710-2: OpenSSH regression | Ubuntu security notices
-
https://lists.debian.org/debian-lts-announce/2018/09/msg00010.html
[SECURITY] [DLA 1500-1] openssh security update
-
http://www.securityfocus.com/bid/75990
OpenSSH Login Handling Security Bypass Weakness
-
https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05128992
HPSBST03599 rev.2 - HPE 3PAR OS running OpenSSH, Remote Denial of Service (DoS), Access Restriction Bypass
Jump to