CVE-2020-5200 : Minerbabe through V4.16 ships with SSH host keys baked into the installation ima

Minerbabe through V4.16 ships with SSH host keys baked into the installation image, which allows man-in-the-middle attacks and makes identification of all public IPv4 nodes trivial with Shodan.io.

Published 2024-04-30 00:00:00

Updated 2024-11-04 20:35:01

Source MITRE

View at NVD, CVE.org

Products affected by CVE-2020-5200

Please log in to view affected product information.

Exploit prediction scoring system (EPSS) score for CVE-2020-5200

EPSS FAQ

0.04%

Probability of exploitation activity in the next 30 days EPSS Score History

~ 9 %

Percentile, the proportion of vulnerabilities that are scored at or less

CVSS scores for CVE-2020-5200

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source	First Seen
5.9	MEDIUM	CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L	2.5	3.4	134c704f-9b21-4f2e-91b3-4a467353bcc0	2024-11-04
Attack Vector: Local Attack Complexity: Low Privileges Required: None User Interaction: None Scope: Unchanged Confidentiality: Low Integrity: Low Availability: Low

References for CVE-2020-5200

https://rsaxvc.net/blog/2020/4/10/Widespread_re-use_of_SSH_Host_Keys_in_Ethereum_Mining_Rig_Operating_Systems.html

Widespread re-use of SSH Host Keys in Ethereum Mining Rig Operating Systems

CVEs referencing this url
https://en.minerbabe.com/pc.html/#/helps/updateLog

Jump to

Vulnerability Details : CVE-2020-5200

Products affected by CVE-2020-5200

Exploit prediction scoring system (EPSS) score for CVE-2020-5200

CVSS scores for CVE-2020-5200

References for CVE-2020-5200