CVE-2001-1473

NUCLEI

SSH-1 - Man-in-the-middle

Title source: llm

Description

The SSH-1 protocol allows remote servers to conduct man-in-the-middle attacks and replay a client challenge response to a target server by creating a Session ID that matches the Session ID of the target, but which uses a public key pair that is weaker than the target's public key, which allows the attacker to compute the corresponding private key and use the target's Session ID with the compromised key pair to masquerade as the target.

Exploits (1)

inthewild

poc

https://github.com/0xget/cve-2001-1473

View on inthewild

Nuclei Templates (1)

Deprecated SSHv1 Protocol Detection

HIGHby iamthefrogy

References (2)

[US Government Resource] http://www.kb.cert.org/vuls/id/684820

[Third Party Advisory, VDB Entry] https://exchange.xforce.ibmcloud.com/vulnerabilities/6603

Scores

EPSS 0.0517

EPSS Percentile 89.9%

Details

CWE

CWE-310

Status published

Products (8)

ssh/ssh 1.2.24

ssh/ssh 1.2.25

ssh/ssh 1.2.26

ssh/ssh 1.2.27

ssh/ssh 1.2.28

ssh/ssh 1.2.29

ssh/ssh 1.2.30

ssh/ssh 1.2.31

Published Jan 18, 2001

Tracked Since Feb 18, 2026