Rewterz Threat Alert – Tofsee Malware – Active IOCs
November 16, 2022Rewterz Threat Advisory – Multiple Cisco Identity Services Engine Vulnerabilities
November 17, 2022Rewterz Threat Alert – Tofsee Malware – Active IOCs
November 16, 2022Rewterz Threat Advisory – Multiple Cisco Identity Services Engine Vulnerabilities
November 17, 2022Severity
High
Analysis Summary
CVE-2022-45047
Apache MINA SSHD could allow a remote authenticated attacker to execute arbitrary code on the system, caused by an unsafe deserialization in the org.apache.sshd.server.keyprovider.SimpleGeneratorHostKeyProvider class. By sending specially-crafted input, an attacker could exploit this vulnerability to execute arbitrary code on the system.
Impact
Code Execution
Indicators Of Compromise
CVE
- CVE-2022-45047
Affected Vendors
Apache
Affected Products
- Apache MINA SSHD 2.9.1
Remediation
Upgrade to the latest version of Apache MINA SSHD, available from the Apache Website.