CVE-1999-1085 — Vulnetix

Try Vulnetix Request Demo

CVE-1999-1085 PUBLISHED CVSS 5 MEDIUM

SSH 1.2.25, 1.2.23, and other versions, when used in in CBC (Cipher Block Chaining) or CFB (Cipher Feedback 64 bits) modes, allows remote attackers to insert arbitrary data into an existing stream between an SSH client and server by using a known plaintext attack and computing a valid CRC-32 checksum for the packet, aka the "SSH insertion attack."

EPSS 3.16% · 86.8th percentile

Risk Scores

CVSS v2.0

5

EPSS Score

3.16%

86.8th percentile

Affected Products

Vendor	Product	Versions
ssh	secure_shell	1.2.23, 1.2.25
n/a	n/a	n/a

Timeline

Jun 12, 1998 CVE Published
Feb 4, 2022 EPSS Score
Mar 28, 2022 EPSS Score
May 19, 2022 EPSS Score
Jul 10, 2022 EPSS Score
Oct 22, 2022 EPSS Score
Dec 13, 2022 EPSS Score
Feb 3, 2023 EPSS Score
Mar 27, 2023 EPSS Score
May 18, 2023 EPSS Score
Jul 9, 2023 EPSS Score
Aug 29, 2023 EPSS Score

References

19980703 UPDATE: SSH insertion attack mailing-list
ssh-insert(1126) vdb
VU#13877 third-party-advisory
19980612 CORE-SDI-04: SSH insertion attack mailing-list
https://nvd.nist.gov/vuln/detail/CVE-1999-1085 advisory

Open in Interactive Console →