CVE-2024-2873 - Vulnerability Details - OpenCVE

Description

A vulnerability was found in wolfSSH's server-side state machine before versions 1.4.17. A malicious client could create channels without first performing user authentication, resulting in unauthorized access.

Published: 2024-03-25

Score: 9.1 Critical

EPSS: < 1% Very Low

KEV: No

Impact:

Action:

Analysis

No analysis available yet.

Default status is the baseline for the product, each version can override it (e.g. patched versions marked unaffected).

Vendor Product Default status Versions

wolfSSL Inc.

wolfSSH

unaffected

Version	Status	Constraints
`0`	affected	≤ v1.4.16

Configuration 1 [-]

cpe:2.3:a:wolfssh:wolfssh:*:*:*:*:*:*:*:*

No data.

No data available yet.

Remediation

Vendor Solution

The fix for this issue is located in the following GitHub Pull Requests: * https://github.com/wolfSSL/wolfssh/pull/670 * https://github.com/wolfSSL/wolfssh/pull/671

Tracking

Sign in to view the affected projects.

Advisories

Source	ID	Title
EUVD	EUVD-2024-27817	A vulnerability was found in wolfSSH's server-side state machine before versions 1.4.17. A malicious client could create channels without first performing user authentication, resulting in unauthorized access.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact None

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

The EPSS score is 0.00349.

Key SSVC decision points have not yet been added.

References

Link	Providers
https://github.com/wolfSSL/wolfssh/pull/670
https://github.com/wolfSSL/wolfssh/pull/671
https://www.wolfssl.com/docs/security-vulnerabilities/

History

Fri, 05 Dec 2025 20:15:00 +0000

Type	Values Removed	Values Added
First Time appeared		Wolfssh Wolfssh wolfssh
CPEs		cpe:2.3:a:wolfssh:wolfssh::::::::
Vendors & Products		Wolfssh Wolfssh wolfssh

Subscriptions

Wolfssh Wolfssh

MITRE

Status: PUBLISHED

Assigner: wolfSSL

Published: 2024-03-25T21:58:52.325Z

Updated: 2024-08-01T19:50:46.158Z

Reserved: 2024-03-25T20:28:07.035Z

Link: CVE-2024-2873

Vulnrichment

Updated: 2024-08-01T19:25:42.177Z

NVD

Status : Analyzed

Published: 2024-03-25T22:37:19.847

Modified: 2025-12-05T20:09:27.363

Link: CVE-2024-2873

Redhat

No data.

OpenCVE Enrichment

No data.

Weaknesses

CWE-287

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2024-2873", "assignerOrgId": "50d2cd11-d01a-48ed-9441-5bfce9d63b27", "state": "PUBLISHED", "assignerShortName": "wolfSSL", "dateReserved": "2024-03-25T20:28:07.035Z", "datePublished": "2024-03-25T21:58:52.325Z", "dateUpdated": "2024-08-01T19:50:46.158Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "product": "wolfSSH", "repo": "https://github.com/wolfSSL/wolfssh", "vendor": "wolfSSL Inc.", "versions": [{"lessThanOrEqual": "v1.4.16", "status": "affected", "version": "0", "versionType": "release bundle"}]}], "datePublic": "2024-03-25T23:00:00.000Z", "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "A vulnerability was found in wolfSSH's server-side state machine before versions 1.4.17. A malicious client could create channels without first performing user authentication, resulting in unauthorized access.<br>"}], "value": "A vulnerability was found in wolfSSH's server-side state machine before versions 1.4.17. A malicious client could create channels without first performing user authentication, resulting in unauthorized access.\n"}], "impacts": [{"capecId": "CAPEC-115", "descriptions": [{"lang": "en", "value": "CAPEC-115 Authentication Bypass"}]}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 9.1, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-287", "description": "CWE-287 Improper Authentication", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "50d2cd11-d01a-48ed-9441-5bfce9d63b27", "shortName": "wolfSSL", "dateUpdated": "2024-03-25T21:58:52.325Z"}, "references": [{"tags": ["patch"], "url": "https://github.com/wolfSSL/wolfssh/pull/670"}, {"tags": ["patch"], "url": "https://github.com/wolfSSL/wolfssh/pull/671"}, {"tags": ["vendor-advisory"], "url": "https://www.wolfssl.com/docs/security-vulnerabilities/"}], "solutions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "<span style=\"background-color: transparent;\">The fix for this issue is located in the following GitHub Pull Requests:<br><ul><li><a target=\"_blank\" rel=\"nofollow\" href=\"https://github.com/wolfSSL/wolfssh/pull/670\">https://github.com/wolfSSL/wolfssh/pull/670</a><br></li><li><a target=\"_blank\" rel=\"nofollow\" href=\"https://github.com/wolfSSL/wolfssh/pull/671\">https://github.com/wolfSSL/wolfssh/pull/671</a><br></li></ul></span>"}], "value": "The fix for this issue is located in the following GitHub Pull Requests:\n * https://github.com/wolfSSL/wolfssh/pull/670 \n\n * https://github.com/wolfSSL/wolfssh/pull/671 \n\n"}], "source": {"discovery": "UNKNOWN"}, "title": "User authentication bypass in wolfSSH server", "x_generator": {"engine": "Vulnogram 0.1.0-dev"}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-01T19:25:42.177Z"}, "title": "CVE Program Container", "references": [{"tags": ["patch", "x_transferred"], "url": "https://github.com/wolfSSL/wolfssh/pull/670"}, {"tags": ["patch", "x_transferred"], "url": "https://github.com/wolfSSL/wolfssh/pull/671"}, {"tags": ["vendor-advisory", "x_transferred"], "url": "https://www.wolfssl.com/docs/security-vulnerabilities/"}]}, {"affected": [{"vendor": "wolfssh", "product": "wolfssh", "cpes": ["cpe:2.3:a:wolfssh:wolfssh:*:*:*:*:*:*:*:*"], "defaultStatus": "unaffected", "versions": [{"version": "0", "status": "affected", "lessThan": "1.4.16", "versionType": "custom"}]}], "metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2024-08-01T19:41:19.753078Z", "id": "CVE-2024-2873", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-08-01T19:50:46.158Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://github.com/wolfSSL/wolfssh/pull/670", "tags": ["patch", "x_transferred"]}, {"url": "https://github.com/wolfSSL/wolfssh/pull/671", "tags": ["patch", "x_transferred"]}, {"url": "https://www.wolfssl.com/docs/security-vulnerabilities/", "tags": ["vendor-advisory", "x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-01T19:25:42.177Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2024-2873", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2024-08-01T19:41:19.753078Z"}}}], "affected": [{"cpes": ["cpe:2.3:a:wolfssh:wolfssh:*:*:*:*:*:*:*:*"], "vendor": "wolfssh", "product": "wolfssh", "versions": [{"status": "affected", "version": "0", "lessThan": "1.4.16", "versionType": "custom"}], "defaultStatus": "unaffected"}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-08-01T19:43:43.379Z"}}], "cna": {"title": "User authentication bypass in wolfSSH server", "source": {"discovery": "UNKNOWN"}, "impacts": [{"capecId": "CAPEC-115", "descriptions": [{"lang": "en", "value": "CAPEC-115 Authentication Bypass"}]}], "metrics": [{"format": "CVSS", "cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 9.1, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"repo": "https://github.com/wolfSSL/wolfssh", "vendor": "wolfSSL Inc.", "product": "wolfSSH", "versions": [{"status": "affected", "version": "0", "versionType": "release bundle", "lessThanOrEqual": "v1.4.16"}], "defaultStatus": "unaffected"}], "solutions": [{"lang": "en", "value": "The fix for this issue is located in the following GitHub Pull Requests:\n * https://github.com/wolfSSL/wolfssh/pull/670 \n\n * https://github.com/wolfSSL/wolfssh/pull/671 \n\n", "supportingMedia": [{"type": "text/html", "value": "<span style=\"background-color: transparent;\">The fix for this issue is located in the following GitHub Pull Requests:<br><ul><li><a target=\"_blank\" rel=\"nofollow\" href=\"https://github.com/wolfSSL/wolfssh/pull/670\">https://github.com/wolfSSL/wolfssh/pull/670</a><br></li><li><a target=\"_blank\" rel=\"nofollow\" href=\"https://github.com/wolfSSL/wolfssh/pull/671\">https://github.com/wolfSSL/wolfssh/pull/671</a><br></li></ul></span>", "base64": false}]}], "datePublic": "2024-03-25T23:00:00.000Z", "references": [{"url": "https://github.com/wolfSSL/wolfssh/pull/670", "tags": ["patch"]}, {"url": "https://github.com/wolfSSL/wolfssh/pull/671", "tags": ["patch"]}, {"url": "https://www.wolfssl.com/docs/security-vulnerabilities/", "tags": ["vendor-advisory"]}], "x_generator": {"engine": "Vulnogram 0.1.0-dev"}, "descriptions": [{"lang": "en", "value": "A vulnerability was found in wolfSSH's server-side state machine before versions 1.4.17. A malicious client could create channels without first performing user authentication, resulting in unauthorized access.\n", "supportingMedia": [{"type": "text/html", "value": "A vulnerability was found in wolfSSH's server-side state machine before versions 1.4.17. A malicious client could create channels without first performing user authentication, resulting in unauthorized access.<br>", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-287", "description": "CWE-287 Improper Authentication"}]}], "providerMetadata": {"orgId": "50d2cd11-d01a-48ed-9441-5bfce9d63b27", "shortName": "wolfSSL", "dateUpdated": "2024-03-25T21:58:52.325Z"}}}, "cveMetadata": {"cveId": "CVE-2024-2873", "state": "PUBLISHED", "dateUpdated": "2024-08-01T19:50:46.158Z", "dateReserved": "2024-03-25T20:28:07.035Z", "assignerOrgId": "50d2cd11-d01a-48ed-9441-5bfce9d63b27", "datePublished": "2024-03-25T21:58:52.325Z", "assignerShortName": "wolfSSL"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:wolfssh:wolfssh:*:*:*:*:*:*:*:*", "matchCriteriaId": "9F84F99B-681F-43B2-BEA5-B3ED6BFABC3D", "versionEndExcluding": "1.4.17", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "A vulnerability was found in wolfSSH's server-side state machine before versions 1.4.17. A malicious client could create channels without first performing user authentication, resulting in unauthorized access.\n"}, {"lang": "es", "value": "Se encontr\u00f3 una vulnerabilidad en la m\u00e1quina de estado del lado del servidor de wolfSSH antes de las versiones 1.4.17. Un cliente malintencionado podr\u00eda crear canales sin realizar primero la autenticaci\u00f3n del usuario, lo que provocar\u00eda un acceso no autorizado."}], "id": "CVE-2024-2873", "lastModified": "2025-12-05T20:09:27.363", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 9.1, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 5.2, "source": "facts@wolfssl.com", "type": "Secondary"}]}, "published": "2024-03-25T22:37:19.847", "references": [{"source": "facts@wolfssl.com", "tags": ["Issue Tracking"], "url": "https://github.com/wolfSSL/wolfssh/pull/670"}, {"source": "facts@wolfssl.com", "tags": ["Issue Tracking"], "url": "https://github.com/wolfSSL/wolfssh/pull/671"}, {"source": "facts@wolfssl.com", "tags": ["Vendor Advisory"], "url": "https://www.wolfssl.com/docs/security-vulnerabilities/"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Issue Tracking"], "url": "https://github.com/wolfSSL/wolfssh/pull/670"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Issue Tracking"], "url": "https://github.com/wolfSSL/wolfssh/pull/671"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "https://www.wolfssl.com/docs/security-vulnerabilities/"}], "sourceIdentifier": "facts@wolfssl.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-287"}], "source": "facts@wolfssl.com", "type": "Secondary"}]}