Wind River Support Network

HomeDefectsLIN1018-8102
Not to be fixed

LIN1018-8102 : Security Advisory - mc - CVE-2021-36370

Created: Aug 30, 2021    Updated: Nov 2, 2023
Resolved Date: Nov 2, 2023
Found In Version: 10.18.44.1
Severity: Standard
Applicable for: Wind River Linux LTS 18
Component/s: Userspace

Description

An issue was discovered in Midnight Commander through 4.8.26. When establishing an SFTP connection, the fingerprint of the server is neither checked nor displayed. As a result, a user connects to the server without the ability to verify its authenticity.

CREATE(Triage):(User=admin) CVE-2021-36370 (https://nvd.nist.gov/vuln/detail/CVE-2021-36370)
Live chat
Online