Published: 05/03/2021 Updated: 07/11/2023

CVSS v2 Base Score: 4.6 | Impact Score: 6.4 | Exploitability Score: 3.9

CVSS v3 Base Score: 7.1 | Impact Score: 5.9 | Exploitability Score: 1.2

VMScore: 410

Vector: AV:N/AC:H/Au:S/C:P/I:P/A:P

ssh-agent in OpenSSH prior to 8.5 has a double free that may be relevant in a few less-common scenarios, such as unconstrained agent-socket access on a legacy operating system, or the forwarding of an agent to an attacker-controlled host.

Vulnerable Product	Search on Vulmon	Subscribe to Product
openbsd openssh
fedoraproject fedora 33
fedoraproject fedora 34
netapp cloud backup -
netapp solidfire -
netapp hci management node -
netapp hci_compute_node_firmware -
netapp hci_storage_node_firmware -
oracle zfs storage appliance 8.8
oracle communications offline mediation controller 12.0.0.3.0

Debian Bug report logs - #984940 CVE-2021-28041 Package: src:openssh; Maintainer for src:openssh is Debian OpenSSH Maintainers <debian-ssh@listsdebianorg>; Reported by: Moritz Muehlenhoff <jmm@debianorg> Date: Wed, 10 Mar 2021 17:00:01 UTC Severity: important Tags: security Found in version openssh/1:84p1-4 ...

ssh-agent in OpenSSH before 85 has a double free that may be relevant in a few less-common scenarios, such as unconstrained agent-socket access on a legacy operating system, or the forwarding of an agent to an attacker-controlled host ...

Critical Infrastructure Sectors: Critical Manufacturing

Red Team: Summary of Operations Table of Contents Exposed Services Critical Vulnerabilities Exploitation Exposed Services Nmap scan results for each machine reveal the below services and OS details: $ nmap #nmap 19216810/24 -sV This scan identifies the services below as potential points of entry: Target 1 Port 22 - Open SSH Po

Nmap's XML result parse and NVD's CPE correlation to search CVE.

CrowFlag This script analyses the Nmap XML scanning results, parses each CPE context and correlates to search CVE on NIST You can use that to find public vulnerabilities in services View Code · Report Bug · View Wiki Getting Started: Before we start Tested using python 3615 (for manual installation) If any error rai

CWE-415 https://github.com/openssh/openssh-portable/commit/e04fd6dde16de1cdc5a4d9946397ff60d96568db https://www.openssh.com/txt/release-8.5 https://www.openwall.com/lists/oss-security/2021/03/03/1 https://www.openssh.com/security.html https://security.netapp.com/advisory/ntap-20210416-0002/https://security.gentoo.org/glsa/202105-35 https://www.oracle.com//security-alerts/cpujul2021.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TXST2CML2MWY3PNVUXX7FFJE3ATJMNVZ/https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KQWGII3LQR4AOTPPFXGMTYE7UDEWIUKI/https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=984940 https://nvd.nist.gov https://github.com/accalina/crowflag https://www.cisa.gov/news-events/ics-advisories/icsa-23-348-10

CVE-2021-28041

Vulnerability Summary

Vulnerability Trend

Vendor Advisories

ICS Advisories

Github Repositories

References

Vulmon Search

About

Products

Connect