Vulnerability Details : CVE-2004-1653
The default configuration for OpenSSH enables AllowTcpForwarding, which could allow remote authenticated users to perform a port bounce, when configured with an anonymous access program such as AnonCVS.
Threat overview for CVE-2004-1653
Top countries where our scanners detected CVE-2004-1653
Top open port discovered on systems with this issue
22
IPs affected by CVE-2004-1653 42,861
Threat actors abusing to this issue?
Yes
Find out if you* are
affected by CVE-2004-1653!
*Directly or indirectly through your vendors, service providers and 3rd parties.
Powered by
attack surface intelligence
from SecurityScorecard.
Exploit prediction scoring system (EPSS) score for CVE-2004-1653
Probability of exploitation activity in the next 30 days: 1.04%
Percentile, the proportion of vulnerabilities that are scored at or less: ~ 82 % EPSS Score History EPSS FAQ
CVSS scores for CVE-2004-1653
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source |
---|---|---|---|---|---|
6.4
|
MEDIUM | AV:N/AC:L/Au:N/C:P/I:P/A:N |
10.0
|
4.9
|
NIST |
Vendor statements for CVE-2004-1653
-
Red Hat 2009-11-25Permitting TCP forwarding is the expected and known default configuration. If it is not desired, it can disabled using the AllowTcpForwarding option in the /etc/ssh/sshd_config configuration file. However, only disabling TCP forwarding does not improve security unless users are also denied shell access. For more information, see man sshd_config.
- cpe:2.3:a:openbsd:openssh:*:*:*:*:*:*:*:*