CVEDB API

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2017-5243

The default SSH configuration in Rapid7 Nexpose hardware appliances shipped before June 2017 does not specify desired algorithms for key exchange and other important functions. As a result, it falls back to allowing ALL algorithms supported by the relevant version of OpenSSH and makes the installations vulnerable to a range of MITM, downgrade, and decryption attacks.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.002

EPSS Ranking 40.2%

CVSS Severity

CVSS v3 Score 8.5

CVSS v2 Score 6.8

References

Products affected by CVE-2017-5243

Rapid7 » Nexpose » Version: N/A

cpe:2.3:a:rapid7:nexpose:-
Rapid7 » Nexpose » Version: 5.4

cpe:2.3:a:rapid7:nexpose:5.4
Rapid7 » Nexpose » Version: 5.4.1

cpe:2.3:a:rapid7:nexpose:5.4.1
Rapid7 » Nexpose » Version: 5.4.10

cpe:2.3:a:rapid7:nexpose:5.4.10
Rapid7 » Nexpose » Version: 5.4.11

cpe:2.3:a:rapid7:nexpose:5.4.11
Rapid7 » Nexpose » Version: 5.4.12

cpe:2.3:a:rapid7:nexpose:5.4.12
Rapid7 » Nexpose » Version: 5.4.2

cpe:2.3:a:rapid7:nexpose:5.4.2
Rapid7 » Nexpose » Version: 5.4.3

cpe:2.3:a:rapid7:nexpose:5.4.3
Rapid7 » Nexpose » Version: 5.4.4

cpe:2.3:a:rapid7:nexpose:5.4.4
Rapid7 » Nexpose » Version: 5.4.5

cpe:2.3:a:rapid7:nexpose:5.4.5
Rapid7 » Nexpose » Version: 5.4.6

cpe:2.3:a:rapid7:nexpose:5.4.6
Rapid7 » Nexpose » Version: 5.4.7

cpe:2.3:a:rapid7:nexpose:5.4.7
Rapid7 » Nexpose » Version: 5.4.8

cpe:2.3:a:rapid7:nexpose:5.4.8
Rapid7 » Nexpose » Version: 5.4.9

cpe:2.3:a:rapid7:nexpose:5.4.9
Rapid7 » Nexpose » Version: 5.5.1

cpe:2.3:a:rapid7:nexpose:5.5.1
Rapid7 » Nexpose » Version: 5.5.3

cpe:2.3:a:rapid7:nexpose:5.5.3
Rapid7 » Nexpose » Version: 5.5.4

cpe:2.3:a:rapid7:nexpose:5.5.4
Rapid7 » Nexpose » Version: 5.5.5

cpe:2.3:a:rapid7:nexpose:5.5.5
Rapid7 » Nexpose » Version: 5.5.6

cpe:2.3:a:rapid7:nexpose:5.5.6
Rapid7 » Nexpose » Version: 5.5.7

cpe:2.3:a:rapid7:nexpose:5.5.7
Rapid7 » Nexpose » Version: 5.5.8

cpe:2.3:a:rapid7:nexpose:5.5.8
Rapid7 » Nexpose » Version: 6.3.10

cpe:2.3:a:rapid7:nexpose:6.3.10
Rapid7 » Nexpose » Version: 6.3.11

cpe:2.3:a:rapid7:nexpose:6.3.11
Rapid7 » Nexpose » Version: 6.3.12

cpe:2.3:a:rapid7:nexpose:6.3.12
Rapid7 » Nexpose » Version: 6.3.13

cpe:2.3:a:rapid7:nexpose:6.3.13
Rapid7 » Nexpose » Version: 6.3.14

cpe:2.3:a:rapid7:nexpose:6.3.14
Rapid7 » Nexpose » Version: 6.3.15

cpe:2.3:a:rapid7:nexpose:6.3.15
Rapid7 » Nexpose » Version: 6.4.0

cpe:2.3:a:rapid7:nexpose:6.4.0
Rapid7 » Nexpose » Version: 6.4.1

cpe:2.3:a:rapid7:nexpose:6.4.1
Rapid7 » Nexpose » Version: 6.4.10

cpe:2.3:a:rapid7:nexpose:6.4.10
Rapid7 » Nexpose » Version: 6.4.11

cpe:2.3:a:rapid7:nexpose:6.4.11
Rapid7 » Nexpose » Version: 6.4.12

cpe:2.3:a:rapid7:nexpose:6.4.12
Rapid7 » Nexpose » Version: 6.4.13

cpe:2.3:a:rapid7:nexpose:6.4.13
Rapid7 » Nexpose » Version: 6.4.14

cpe:2.3:a:rapid7:nexpose:6.4.14
Rapid7 » Nexpose » Version: 6.4.15

cpe:2.3:a:rapid7:nexpose:6.4.15
Rapid7 » Nexpose » Version: 6.4.16

cpe:2.3:a:rapid7:nexpose:6.4.16
Rapid7 » Nexpose » Version: 6.4.17

cpe:2.3:a:rapid7:nexpose:6.4.17
Rapid7 » Nexpose » Version: 6.4.18

cpe:2.3:a:rapid7:nexpose:6.4.18
Rapid7 » Nexpose » Version: 6.4.19

cpe:2.3:a:rapid7:nexpose:6.4.19
Rapid7 » Nexpose » Version: 6.4.2

cpe:2.3:a:rapid7:nexpose:6.4.2
Rapid7 » Nexpose » Version: 6.4.20

cpe:2.3:a:rapid7:nexpose:6.4.20
Rapid7 » Nexpose » Version: 6.4.21

cpe:2.3:a:rapid7:nexpose:6.4.21
Rapid7 » Nexpose » Version: 6.4.22

cpe:2.3:a:rapid7:nexpose:6.4.22
Rapid7 » Nexpose » Version: 6.4.23

cpe:2.3:a:rapid7:nexpose:6.4.23
Rapid7 » Nexpose » Version: 6.4.24

cpe:2.3:a:rapid7:nexpose:6.4.24
Rapid7 » Nexpose » Version: 6.4.25

cpe:2.3:a:rapid7:nexpose:6.4.25
Rapid7 » Nexpose » Version: 6.4.26

cpe:2.3:a:rapid7:nexpose:6.4.26
Rapid7 » Nexpose » Version: 6.4.27

cpe:2.3:a:rapid7:nexpose:6.4.27
Rapid7 » Nexpose » Version: 6.4.28

cpe:2.3:a:rapid7:nexpose:6.4.28
Rapid7 » Nexpose » Version: 6.4.29

cpe:2.3:a:rapid7:nexpose:6.4.29
Rapid7 » Nexpose » Version: 6.4.3

cpe:2.3:a:rapid7:nexpose:6.4.3
Rapid7 » Nexpose » Version: 6.4.30

cpe:2.3:a:rapid7:nexpose:6.4.30
Rapid7 » Nexpose » Version: 6.4.31

cpe:2.3:a:rapid7:nexpose:6.4.31
Rapid7 » Nexpose » Version: 6.4.32

cpe:2.3:a:rapid7:nexpose:6.4.32
Rapid7 » Nexpose » Version: 6.4.33

cpe:2.3:a:rapid7:nexpose:6.4.33
Rapid7 » Nexpose » Version: 6.4.34

cpe:2.3:a:rapid7:nexpose:6.4.34
Rapid7 » Nexpose » Version: 6.4.35

cpe:2.3:a:rapid7:nexpose:6.4.35
Rapid7 » Nexpose » Version: 6.4.36

cpe:2.3:a:rapid7:nexpose:6.4.36
Rapid7 » Nexpose » Version: 6.4.37

cpe:2.3:a:rapid7:nexpose:6.4.37
Rapid7 » Nexpose » Version: 6.4.38

cpe:2.3:a:rapid7:nexpose:6.4.38
Rapid7 » Nexpose » Version: 6.4.39

cpe:2.3:a:rapid7:nexpose:6.4.39
Rapid7 » Nexpose » Version: 6.4.4

cpe:2.3:a:rapid7:nexpose:6.4.4
Rapid7 » Nexpose » Version: 6.4.40

cpe:2.3:a:rapid7:nexpose:6.4.40
Rapid7 » Nexpose » Version: 6.4.5

cpe:2.3:a:rapid7:nexpose:6.4.5
Rapid7 » Nexpose » Version: 6.4.6

cpe:2.3:a:rapid7:nexpose:6.4.6
Rapid7 » Nexpose » Version: 6.4.7

cpe:2.3:a:rapid7:nexpose:6.4.7
Rapid7 » Nexpose » Version: 6.4.8

cpe:2.3:a:rapid7:nexpose:6.4.8
Rapid7 » Nexpose » Version: 6.4.9

cpe:2.3:a:rapid7:nexpose:6.4.9

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2017-5243

Products

Pricing

Contact Us