CVE-2007-1099
EPSS 1.7%
Description
dbclient in Dropbear SSH client before 0.49 does not sufficiently warn the user when it detects a hostkey mismatch, which might allow remote attackers to conduct man-in-the-middle attacks.
How to fix CVE-2007-1099
To remediate CVE-2007-1099, upgrade the affected package to a fixed version below.
- Debian/dropbear: upgrade to 0.49-1 or later
Is CVE-2007-1099 being exploited?
Low — EPSS is 1.7%, meaning exploitation activity has not been observed at scale.
Affected packages (1)
- Debian/dropbear: from 0, < 0.49-1