Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact
5
CVSSv2

CVE-2021-36370

Published: 30/08/2021 Updated: 08/09/2021
CVSS v2 Base Score: 5 | Impact Score: 2.9 | Exploitability Score: 10
CVSS v3 Base Score: 7.5 | Impact Score: 3.6 | Exploitability Score: 3.9
VMScore: 445
Vector: AV:N/AC:L/Au:N/C:N/I:P/A:N

Vulnerability Summary

An issue exists in Midnight Commander up to and including 4.8.26. When establishing an SFTP connection, the fingerprint of the server is neither checked nor displayed. As a result, a user connects to the server without the ability to verify its authenticity.

Vulnerability Trend

Vulnerable Product Search on Vulmon Subscribe to Product

midnight-commander midnight commander

Vendor Advisories

Debian CVElist Bug Report Logs: mc: CVE-2021-36370
Debian Bug report logs - #993404 mc: CVE-2021-36370 Package: src:mc; Maintainer for src:mc is Dmitry Smirnov <onlyjob@debianorg>; Reported by: Salvatore Bonaccorso <carnil@debianorg> Date: Tue, 31 Aug 2021 19:45:01 UTC Severity: important Tags: security, upstream Found in versions mc/3:4822-1, mc/3:4826-11 ...
Amazon Linux 2: ALAS2-2023-2147
An issue was discovered in Midnight Commander through 4826 When establishing an SFTP connection, the fingerprint of the server is neither checked nor displayed As a result, a user connects to the server without the ability to verify its authenticity (CVE-2021-36370) ...
Arch Linux Issues:
An issue was discovered in Midnight Commander through 4826 When establishing an SFTP connection, the fingerprint of the server is neither checked nor displayed As a result, a user connects to the server without the ability to verify its authenticity ...

References

CWE-287https://github.com/MidnightCommander/mc/blob/master/src/vfs/sftpfs/connection.chttps://github.com/MidnightCommander/mc/blob/5c1d3c55dd15356ec7d079084d904b7b0fd58d3e/src/vfs/sftpfs/connection.c#L484https://sourceforge.net/projects/mcwin32/files/https://midnight-commander.org/https://mail.gnome.org/archives/mc-devel/2021-August/msg00008.htmlhttps://docs.ssh-mitm.at/CVE-2021-36370.htmlhttps://bugs.debian.org/cgi-bin/bugreport.cgi?bug=993404https://nvd.nist.govhttps://alas.aws.amazon.com/AL2/ALAS-2023-2147.html
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
injectCVE-2024-34001CVE-2024-37018LFICVE-2024-1275CVE-2024-1086CSRFCVE-2024-31030CVE-2024-24919
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook