Vulnerability Details : CVE-2014-4749
IBM PowerVC 1.2.0 before FixPack3 does not properly use the known_hosts file, which allows man-in-the-middle attackers to spoof SSH servers via an arbitrary server key.
Exploit prediction scoring system (EPSS) score for CVE-2014-4749
Probability of exploitation activity in the next 30 days: 0.13%
Percentile, the proportion of vulnerabilities that are scored at or less: ~ 46 %
CVSS scores for CVE-2014-4749
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source |
---|---|---|---|---|---|
4.3 | MEDIUM | AV:N/AC:M/Au:N/C:P/I:N/A:N | 8.6 | 2.9 | NIST |
CWE ids for CVE-2014-4749
-
Assigned by: nvd@nist.gov (Primary)
References for CVE-2014-4749
- http://www-01.ibm.com/support/docview.wss?uid=nas8N1020224
  IBM notice: The page you requested cannot be displayed (Vendor Advisory)
- https://exchange.xforce.ibmcloud.com/vulnerabilities/94351
  IBM PowerVC SSH Communication vulnerable to MITM attacks CVE-2014-4749 Vulnerability Report
Products affected by CVE-2014-4749
- cpe:2.3:a:ibm:powervc:1.2.0.1:*:*:*:standard:*:*:*
- cpe:2.3:a:ibm:powervc:1.2.0.2:*:*:*:express:*:*:*
- cpe:2.3:a:ibm:powervc:1.2.0.0:*:*:*:standard:*:*:*
- cpe:2.3:a:ibm:powervc:1.2.0.1:*:*:*:express:*:*:*
- cpe:2.3:a:ibm:powervc:1.2.0.2:*:*:*:standard:*:*:*
- cpe:2.3:a:ibm:powervc:1.2.0.0:*:*:*:express:*:*:*