What is CVE-2023-48795?

CVE-2023-48795 is a medium-severity vulnerability in 9bis Kitty, classified under Improper Validation of Integrity Check Value. CVSS score: 5.9/10. Published 2023-12-18.

How severe is CVE-2023-48795?

Medium severity. CVSS v3 base score is 5.9 out of 10.

Is CVE-2023-48795 known to be exploited?

59 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.

Vulnerability in 9bis Kitty

CVE-2023-48795

The SSH transport protocol with certain OpenSSH extensions, found in OpenSSH before 9.6 and other products, allows remote attackers to bypass integrity checks such that some packets are omitted (from the extension negotiation message), and…

EPSS: 0.542 (98.1th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 5.9 (Medium). Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N.

Affected products

Weakness classification (CWE)

CWE-354 — Improper Validation of Integrity Check Value

Public proof-of-concept exploits

References

cve@mitre.org (Release Notes)
cve@mitre.org (Release Notes)
cve@mitre.org (Release Notes)
cve@mitre.org (Release Notes)
cve@mitre.org (Release Notes)
cve@mitre.org (Release Notes)
cve@mitre.org (Patch)
cve@mitre.org (Mailing List)
cve@mitre.org (Release Notes)
cve@mitre.org (Release Notes)

Frequently asked questions

What is CVE-2023-48795?: CVE-2023-48795 is a medium-severity vulnerability in 9bis Kitty, classified under Improper Validation of Integrity Check Value. CVSS score: 5.9/10. Published 2023-12-18.
How severe is CVE-2023-48795?: Medium severity. CVSS v3 base score is 5.9 out of 10.
Is CVE-2023-48795 known to be exploited?: 59 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.