Wind River Support Network

HomeDefectsLIN1021-1339
Fixed

LIN1021-1339 : Security Advisory - mc - CVE-2021-36370

Created: Aug 30, 2021    Updated: Sep 25, 2021
Resolved Date: Sep 17, 2021
Found In Version: 10.21.20.1
Fix Version: 10.21.20.5
Severity: Standard
Applicable for: Wind River Linux LTS 21
Component/s: Userspace

Description

An issue was discovered in Midnight Commander through 4.8.26. When establishing an SFTP connection, the fingerprint of the server is neither checked nor displayed. As a result, a user connects to the server without the ability to verify its authenticity.

CREATE(Triage):(User=admin) [CVE-2021-36370|https://nvd.nist.gov/vuln/detail/CVE-2021-36370]

CVEs


Live chat
Online