CVE-2014-8779

Published: Feb 3, 2015Modified: May 6, 2026

7.1

Vector

AV:N/AC:M/Au:N/C:N/I:C/A:N

Exploitability: 8.6 / Impact: 6.9

Source: NVD

Description

Pexip Infinity before 8 uses the same SSH host keys across different customers' installations, which allows man-in-the-middle attackers to spoof Management and Conferencing Nodes by leveraging these keys.

Affected (1)

Products: Pexip: Pexip Infinity

Pexip

1 product

Pexip Infinity

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Pexip Pexip Infinity	Up to 7.0

Related CWEs

CWE-254

References (8)

http://packetstormsecurity.com/files/130174/Pexip-Infinity-Non-Unique-SSH-Host-Keys.html

Source: cve@mitre.org

http://www.pexip.com/sites/pexip/files/Pexip_Security_Bulletin_2015-01-02.pdf

Source: cve@mitre.org

ExploitVendor Advisory

http://www.securityfocus.com/archive/1/534576/100/0/threaded

Source: cve@mitre.org

http://www.securityfocus.com/bid/72359

Source: cve@mitre.org

http://packetstormsecurity.com/files/130174/Pexip-Infinity-Non-Unique-SSH-Host-Keys.html

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.pexip.com/sites/pexip/files/Pexip_Security_Bulletin_2015-01-02.pdf

Source: af854a3a-2127-422b-91ae-364da2661108

ExploitVendor Advisory

http://www.securityfocus.com/archive/1/534576/100/0/threaded

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.securityfocus.com/bid/72359

Source: af854a3a-2127-422b-91ae-364da2661108

Timeline

No history available yet.