CVE-2019-17067
First published: Tue Oct 01 2019(Updated: )
PuTTY before 0.73 on Windows improperly opens port-forwarding listening sockets, which allows attackers to listen on the same port to steal an incoming connection.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Putty Putty | <0.73 | |
| Microsoft Windows |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is CVE-2019-17067?
CVE-2019-17067 is a vulnerability in PuTTY versions before 0.73 on Windows that improperly opens port-forwarding listening sockets.
What is the severity of CVE-2019-17067?
The severity of CVE-2019-17067 is critical with a CVSS severity score of 9.8.
How does CVE-2019-17067 affect PuTTY and Windows?
CVE-2019-17067 affects PuTTY versions before 0.73 on Windows by allowing attackers to listen on the same port as the port-forwarding listening sockets, enabling them to steal incoming connections.
How can I fix CVE-2019-17067?
To fix CVE-2019-17067, update PuTTY to version 0.73 or newer.
Where can I find more information about CVE-2019-17067?
More information about CVE-2019-17067 can be found at the following references: [link1](https://lists.tartarus.org/pipermail/putty-announce/2019/000029.html) and [link2](https://security.netapp.com/advisory/ntap-20191127-0003/).
- collector/nvd-index
- agent/references
- agent/severity
- agent/author
- agent/type
- agent/tags
- agent/event
- agent/weakness
- agent/description
- agent/last-modified-date
- agent/softwarecombine
- vendor/putty
- canonical/putty putty
- vendor/microsoft
- canonical/microsoft windows