CVE-2023-43660

CVSS 3.1 Score 8.1 of 10 (high)

Details

Published Sep 27, 2023

Updated: Oct 2, 2023

CWE ID 287

CWE ID 347

Summary

CVE-2023-43660 is a vulnerability affecting Warpgate, an SSH, HTTPS, and MySQL bastion host for Linux. It allows an attacker to bypass user authentication by sending an unsigned SSH key offer, provided they know the username, a valid target name, and have access to the user's public key. This issue only impacts accounts that require SSH public key authentication and has been addressed in Warpgate version 0.8.1. Users are urged to upgrade as soon as possible, as no known workarounds exist for this vulnerability.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

https://app.recordedfuture.com/live/sc/entity/svd3Do
https://www.cve.org/CVERecord?id=CVE-2023-43660
https://nvd.nist.gov/vuln/detail/CVE-2023-43660

Back to Vulnerability Database

CVE-2023-43660

CVSS 3.1 Score 8.1 of 10 (high)

Details

Summary

Advisories, Assessments, and Mitigations