The host is installed with OpenSSH 6.2 or 6.3 and is prone to a security bypass vulnerability. A flaw is present in the application, which fails to properly handle an issue in mm_newkeys_from_blob function in monitor_wrap.c in sshd. Successful exploitation could allow remote authenticated users to bypass intended ForceCommand and login-shell restrictions via packet data that provides a crafted callback address.