Vulnerability Details CVE-2019-19750
minerstat msOS before 2019-10-23 does not have a unique SSH key for each instance of the product.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.004
EPSS Ranking 56.8%
CVSS Severity
CVSS v3 Score 9.8
CVSS v2 Score 7.5
References
- https://github.com/minerstat/minerstat-os/commit/487ebd652dc9dc81120809effb2ddb3f66fc5f14
- https://rsaxvc.net/blog/2020/4/10/Widespread_re-use_of_SSH_Host_Keys_in_Ethereum_Mining_Rig_Operating_Systems.html
- https://github.com/minerstat/minerstat-os/commit/487ebd652dc9dc81120809effb2ddb3f66fc5f14
- https://rsaxvc.net/blog/2020/4/10/Widespread_re-use_of_SSH_Host_Keys_in_Ethereum_Mining_Rig_Operating_Systems.html