Erlang/OTP is a set of libraries for the Erlang programming language. Prior to versions OTP-27.3.3, OTP-26.2.5.11, and OTP-25.3.2.20, an SSH server may allow an attacker to perform unauthenticated remote code execution (RCE). By exploiting a flaw in SSH protocol message handling, a malicious actor could gain unauthorized access to affected systems and execute arbitrary commands without valid credentials. This issue is patched in versions OTP-27.3.3, OTP-26.2.5.11, and OTP-25.3.2.20. A temporary workaround involves disabling the SSH server or preventing access via firewall rules.
No Fix Known
No patch has been released yet. Apply workarounds or mitigations where available.
Affected Products: 34
References: 14

| Vendor | Product | Versions | Fixed In |
|---|---|---|---|
| erlang | erlang/otp | 25.3.2.20 | - |
| erlang | erlang/otp | 26.0 - 26.2.5.11 | - |
| erlang | erlang/otp | 27.0 - 27.3.3 | - |
| cisco | confd_basic | 7.7.19.1 | - |
| cisco | confd_basic | 8.0.18 - 8.1.16.2 | - |
| cisco | confd_basic | 8.2 - 8.2.11.1 | - |
| cisco | confd_basic | 8.3 - 8.3.8.1 | - |
| cisco | confd_basic | 8.4 - 8.4.4.1 | - |
| cisco | network_services_orchestrator | 5.7.19.1 | - |
| cisco | network_services_orchestrator | 5.8 - 6.1.16.2 | - |
| cisco | network_services_orchestrator | 6.2 - 6.2.11.1 | - |
| cisco | network_services_orchestrator | 6.3 - 6.3.8.1 | - |
| cisco | network_services_orchestrator | 6.4 - 6.4.1.1 | - |
| cisco | network_services_orchestrator | 6.4.2 - 6.4.4.1 | - |
| cisco | cloud_native_broadband_network_gateway | 2025.03.1 | - |
| cisco | inode_manager | - | - |
| cisco | smart_phy | 25.2 | - |
| cisco | ultra_packet_core | 2025.03 | - |
| cisco | ultra_services_platform | - | - |
| cisco | staros | 2025.03 | - |
| cisco | optical_site_manager | 25.2.1 | - |
| cisco | ncs_2000_shelf_virtualization_orchestrator_firmware | 25.1.1 | - |
| cisco | enterprise_nfv_infrastructure_software | 4.18 | - |
| cisco | ultra_cloud_core | 2025.03.1 | - |
| cisco | rv160w_firmware | - | - |
| cisco | rv260_firmware | - | - |
| cisco | rv160_firmware | - | - |
| cisco | rv260p_firmware | - | - |
| cisco | rv260w_firmware | - | - |
| cisco | rv340_firmware | - | - |
| cisco | rv340w_firmware | - | - |
| cisco | rv345_firmware | - | - |
| cisco | rv345p_firmware | - | - |
| debian | debian_linux | - | - |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H