The default configuration for OpenSSH enables AllowTcpForwarding, which could allow remote authenticated users to perform a port bounce, when configured with an anonymous access program such as AnonCVS.Referenceshttp://marc.info/?l=bugtraq&m=109413637313484&w=2https://exchange.xforce.ibmcloud.com/vulnerabilities/17213http://securitytracker.com/id?1011143http://www.osvdb.org/9562https://security.netapp.com/advisory/ntap-20191107-0001/
