PT-2024-10729 · Ethos · Ethos

Published: 2024-04-30 · Updated: 2024-10-25 · CVE-2019-19755

CVSS v3.1: 9.1 (Critical)

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

Name of the Vulnerable Software and Affected Versions

ethOS versions 1.3.3 and earlier

Description

The issue allows man-in-the-middle attacks and makes identification of all public IPv4 nodes trivial with Shodan.io, as the software ships with SSH host keys baked into the installation image. The vendor indicated that they plan to fix this as of 2019-12-01.

Recommendations

For versions 1.3.3 and earlier, consider regenerating SSH host keys to prevent man-in-the-middle attacks. As a temporary workaround, restrict access to the SSH service to minimize the risk of exploitation.
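
An added example, not part of the original advisory or of ethOS: because the host keys come from the installation image, an audit of your own inventory can find nodes that still need regeneration by grouping ssh-keyscan output by key fingerprint. The scan text, addresses and key blobs below are constructed placeholders, and the function names are assumptions for illustration.

```python
import base64
import hashlib
from collections import defaultdict

# Constructed sample in ssh-keyscan output format: "<host> <keytype> <base64 blob>".
# The blobs are placeholder bytes, not real host keys; addresses are documentation ranges.
IMAGE_KEY = base64.b64encode(b"constructed-blob-shared-by-image").decode()
FRESH_KEY = base64.b64encode(b"constructed-blob-regenerated").decode()
SAMPLE_SCAN = f"""\
# 192.0.2.10:22 SSH-2.0-OpenSSH_7.2
192.0.2.10 ssh-ed25519 {IMAGE_KEY}
192.0.2.11 ssh-ed25519 {IMAGE_KEY}
192.0.2.12 ssh-ed25519 {FRESH_KEY}
192.0.2.13 ssh-ed25519 not*valid*base64
198.51.100.7 ssh-ed25519 {IMAGE_KEY}
"""


def fingerprint(blob_b64):
    """OpenSSH-style SHA256 fingerprint of a base64 public key blob."""
    digest = hashlib.sha256(base64.b64decode(blob_b64, validate=True)).digest()
    return "SHA256:" + base64.b64encode(digest).decode().rstrip("=")


def shared_host_keys(scan_text):
    """Return {(keytype, fingerprint): sorted hosts} for keys seen on 2+ hosts."""
    seen = defaultdict(set)
    for line in scan_text.splitlines():
        fields = line.split()
        # Skip blanks, ssh-keyscan banner comments and lines without 3 fields.
        if len(fields) != 3 or line.startswith("#"):
            continue
        host, keytype, blob = fields
        try:
            seen[(keytype, fingerprint(blob))].add(host)
        except ValueError:  # binascii.Error is a ValueError: undecodable blob
            continue
    # A key presented by more than one host was not generated on that host.
    return {key: sorted(hosts) for key, hosts in seen.items() if len(hosts) > 1}


if __name__ == "__main__":
    for (keytype, fp), hosts in shared_host_keys(SAMPLE_SCAN).items():
        print(f"{keytype} {fp} shared by {len(hosts)} hosts: {', '.join(hosts)}")
```

Hosts that still appear in a shared group after remediation have not had their host keys regenerated.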

Fix

IDOR

Weakness Enumeration

Related Identifiers

CVE-2019-19755

Affected Products

Ethos