PT-2024-29627 · Apache · Apache Mina Sshd
Fabian Bäumer · Published 2024-08-12 · Updated 2024-08-30 · CVE-2024-41909
CVSS v4.0: 8.2 (High)
Vector: AV:N/AC:H/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N
Name of the Vulnerable Software and Affected Versions
Apache MINA SSHD versions prior to 2.12.0
Description
The issue, also known as a Terrapin attack, allows an attacker who can intercept traffic between the client and server to drop certain packets, potentially downgrading or disabling some security features. This could cause the client and server to end up with a connection that has reduced security.
Recommendations
For Apache MINA SSHD versions prior to 2.12.0, upgrade to at least version 2.12.0 to apply the necessary mitigations against this issue. Ensure that both the client and server implementations are updated, as only updating one may not fully prevent the attack.
Fix
Weakness Enumeration
Related Identifiers
Affected Products
Apache Mina Sshd