CVE-2023-46446 - Authorization Bypass Through User-Controlled Key vulnerability in Asyncssh Project Asyncssh
- Attack vector: NETWORK
- Attack complexity: HIGH
- Privileges required: LOW
- Confidentiality impact: HIGH
- Integrity impact: HIGH
- Availability impact: NONE

Summary
An issue in AsyncSSH before 2.14.1 allows attackers to control the remote end of an SSH client session via packet injection/removal and shell emulation, aka a "Rogue Session Attack."
References
- https://github.com/ronf/asyncssh/security/advisories/GHSA-c35q-ffpf-5qpm
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ME34ROZWMDK5KLMZKTSA422XVJZ7IMTE/
- https://www.terrapin-attack.com
- https://github.com/ronf/asyncssh/blob/develop/docs/changes.rst
- https://github.com/advisories/GHSA-c35q-ffpf-5qpm
- http://packetstormsecurity.com/files/176280/Terrapin-SSH-Connection-Weakening.html
- https://security.netapp.com/advisory/ntap-20231222-0001/