id: CVE-2001-1473 info: name: Deprecated SSHv1 Protocol Detection author: iamthefrogy severity: high description: SSHv1 is deprecated and has known cryptographic issues. reference: - https://www.kb.cert.org/vuls/id/684820 - https://nvd.nist.gov/vuln/detail/CVE-2001-1473 - http://www.kb.cert.org/vuls/id/684820 - https://exchange.xforce.ibmcloud.com/vulnerabilities/6603 remediation: Upgrade to SSH 2.4 or later. classification: cvss-metrics: CVSS:2.0/AV:N/AC:L/Au:N/C:P/I:P/A:P cvss-score: 7.5 cve-id: CVE-2001-1473 cwe-id: CWE-310 cpe: cpe:2.3:a:ssh:ssh:1.2.24:*:*:*:*:*:*:* epss-score: 0.00258 metadata: max-request: 1 product: ssh vendor: ssh tags: cve,cve2001,network,ssh,openssh tcp: - host: - "{{Hostname}}" port: 22 matchers: - type: word words: - "SSH-1" # digest: 4a0a0047304502203de1c09a1cc386bcec69008300e5128d2880e5928722ce6e713ea325990477ca0221008c784185ea07e806340c2bd1f40e7f279363836889eb3a8c1840c2554f7695c8:922c64590222798bb761d5b6d8e72950