CVE-2020-9355

moderate-risk
Published 2020-02-23

danfruehauf NetworkManager-ssh before 1.2.11 allows privilege escalation because extra options are mishandled.

Do I need to act?

-
0.53% chance of exploitation
EPSS score — low exploit probability
-
Not on CISA KEV list
No confirmed active exploitation reported to CISA
+
Fix available
Upgrade to: 8f5de0b3f8c969e99afa32f5e654075213606bb3
9
CVSS 9.8/10 Critical
NETWORK / LOW complexity

Affected Products (3)

Networkmanager-Ssh

Affected Vendors

Debian Networkmanager-Ssh Project

References (8)

Issue Tracking https://bugzilla.redhat.com/show_bug.cgi?id=1803499
Third Party Advisory https://github.com/danfruehauf/NetworkManager-ssh/pull/98
Release Notes https://github.com/danfruehauf/NetworkManager-ssh/releases/tag/1.2.11
Third Party Advisory https://www.debian.org/security/2020/dsa-4637
Issue Tracking https://bugzilla.redhat.com/show_bug.cgi?id=1803499
Third Party Advisory https://github.com/danfruehauf/NetworkManager-ssh/pull/98
Release Notes https://github.com/danfruehauf/NetworkManager-ssh/releases/tag/1.2.11
Third Party Advisory https://www.debian.org/security/2020/dsa-4637
43
/ 100
moderate-risk
Severity 32/34 · Critical
Exploitability 2/34 · Minimal
Exposure 9/34 · Low