CVE-2024-6580

LOW Year: 2024
Weakness Type
CWE-1390
View all →

Vulnerability Description

The /n software IPWorks SSH library SFTPServer component can be induced to make unintended filesystem or network path requests when loading a SSH public key or certificate. To be exploitable, an application calling the SFTPServer component must grant user access without verifying the SSH public key or certificate (which would most likely be a separate vulnerability in the calling application). IPWorks SSH versions 22.0.8945 and 24.0.8945 were released to address this condition by blocking all filesystem and network path requests for SSH public keys or certificates.

Related Vulnerabilities

CVE-2022-43400

CRITICAL
CVSS:9.8(Critical)

A vulnerability has been identified in Siveillance Video Mobile Server V2022 R2 (All versions < V22.2a (80)). The mobile server component of affected applications improperly handles the log in for Act...

CWE-13902022

CVE-2024-13239

CRITICAL
CVSS:9.8(Critical)

Weak Authentication vulnerability in Drupal Two-factor Authentication (TFA) allows Authentication Abuse.This issue affects Two-factor Authentication (TFA): from 0.0.0 before 1.5.0.

CWE-13902024

CVE-2024-38182

CRITICAL
CVSS:9.8(Critical)

Weak authentication in Microsoft Dynamics 365 allows an unauthenticated attacker to elevate privileges over a network.

CWE-13902024

CVE-2024-48886

CRITICAL
CVSS:9.8(Critical)

A weak authentication in Fortinet FortiOS versions 7.4.0 through 7.4.4, 7.2.0 through 7.2.8, 7.0.0 through 7.0.15, 6.4.0 through 6.4.15, FortiProxy versions 7.4.0 through 7.4.4, 7.2.0 through 7.2.10, ...

CWE-13902024

CVE-2024-50563

CRITICAL
CVSS:9.8(Critical)

A weak authentication in Fortinet FortiManager Cloud, FortiAnalyzer versions 7.6.0 through 7.6.1, 7.4.1 through 7.4.3, FortiAnalyzer Cloud versions 7.4.1 through 7.4.3, FortiManager versions 7.6.0 thr...

CWE-13902024

CVE-2024-54092

CRITICAL
CVSS:9.8(Critical)

A vulnerability has been identified in Industrial Edge Device Kit - arm64 V1.17 (All versions), Industrial Edge Device Kit - arm64 V1.18 (All versions), Industrial Edge Device Kit - arm64 V1.19 (All v...

CWE-13902024