CVE-2019-19753
PUBLISHED
CVSS 9.1 CRITICAL
SimpleMiningOS through v1259 ships with SSH host keys baked into the installation image, which allows man-in-the-middle attacks and makes identification of all public IPv4 nodes trivial with Shodan.io. NOTE: the vendor indicated that they have no plans to fix this, and discourage deployment using public IPv4.
EPSS 0.16% · 37.0th percentile
Risk Scores
CVSS 3.1
9.1
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
EPSS Score
0.16%
37.0th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| n/a | n/a | n/a, n/a |
| stupidthings.net | simpleminingos | 0, 0 |
Exploit Intelligence
- https://simplemining.net/page/changelog (circl)
- https://rsaxvc.net/blog/2020/4/10/Widespread_re-use_of_SSH_Host_Keys_in_Ethereum_Mining_Rig_Operating_Systems.html (vulncheck)
- (vulncheck-reported-exploitation)
Timeline
- Apr 10, 2020 VulnCheck KEV Exploitation
- Apr 30, 2024 CVE Published
- May 1, 2024 EPSS Score
- May 25, 2024 EPSS Score
- Jun 19, 2024 EPSS Score
- Jul 13, 2024 EPSS Score
- Aug 5, 2024 CVE Updated
- Aug 7, 2024 EPSS Score
- Aug 31, 2024 EPSS Score
- Sep 25, 2024 EPSS Score
- Oct 19, 2024 EPSS Score
- Nov 13, 2024 EPSS Score