Skip to main content

CVE-2021-45099

Severity High
Score 8.8/10

Summary

The addon.stdin service in addon-ssh (aka Home Assistant Community Add-on: SSH & Web Terminal) before 10.0.0 has an attack surface that requires social engineering. NOTE: the vendor does not agree that this is a vulnerability; however, addon.stdin was removed as a defense-in-depth measure against complex social engineering situations

  • LOW
  • NETWORK
  • HIGH
  • UNCHANGED
  • REQUIRED
  • NONE
  • HIGH
  • HIGH

References

Advisory Timeline

  • Published