CVE-2024-2873

{"id": "CVE-2024-2873", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "facts@wolfssl.com", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 9.1, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 5.2, "exploitabilityScore": 3.9}]}, "published": "2024-03-25T22:37:19.847", "references": [{"url": "https://github.com/wolfSSL/wolfssh/pull/670", "tags": ["Issue Tracking"], "source": "facts@wolfssl.com"}, {"url": "https://github.com/wolfSSL/wolfssh/pull/671", "tags": ["Issue Tracking"], "source": "facts@wolfssl.com"}, {"url": "https://www.wolfssl.com/docs/security-vulnerabilities/", "tags": ["Vendor Advisory"], "source": "facts@wolfssl.com"}, {"url": "https://github.com/wolfSSL/wolfssh/pull/670", "tags": ["Issue Tracking"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://github.com/wolfSSL/wolfssh/pull/671", "tags": ["Issue Tracking"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://www.wolfssl.com/docs/security-vulnerabilities/", "tags": ["Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Secondary", "source": "facts@wolfssl.com", "description": [{"lang": "en", "value": "CWE-287"}]}], "descriptions": [{"lang": "en", "value": "A vulnerability was found in wolfSSH's server-side state machine before versions 1.4.17. A malicious client could create channels without first performing user authentication, resulting in unauthorized access.\n"}, {"lang": "es", "value": "Se encontr\u00f3 una vulnerabilidad en la m\u00e1quina de estado del lado del servidor de wolfSSH antes de las versiones 1.4.17. Un cliente malintencionado podr\u00eda crear canales sin realizar primero la autenticaci\u00f3n del usuario, lo que provocar\u00eda un acceso no autorizado."}], "lastModified": "2025-12-05T20:09:27.363", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:wolfssh:wolfssh:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "9F84F99B-681F-43B2-BEA5-B3ED6BFABC3D", "versionEndExcluding": "1.4.17"}], "operator": "OR"}]}], "sourceIdentifier": "facts@wolfssl.com"}