9.8

CVE-2018-7750

Exploit
transport.py in the SSH server implementation of Paramiko before 1.17.6, 1.18.x before 1.18.5, 2.0.x before 2.0.8, 2.1.x before 2.1.5, 2.2.x before 2.2.3, 2.3.x before 2.3.2, and 2.4.x before 2.4.1 does not properly check whether authentication is completed before processing other requests, as demonstrated by channel-open. A customized SSH client can simply skip the authentication step.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
ParamikoParamiko Version < 1.17.6
ParamikoParamiko Version >= 1.18.0 < 1.18.5
ParamikoParamiko Version >= 2.0.0 < 2.0.8
ParamikoParamiko Version >= 2.1.0 < 2.1.5
ParamikoParamiko Version >= 2.2.0 < 2.2.3
ParamikoParamiko Version >= 2.3.0 < 2.3.2
ParamikoParamiko Version2.4.0
RedhatAnsible Engine Version2.0
RedhatAnsible Engine Version2.4
RedhatCloudforms Version4.5
RedhatCloudforms Version4.6
RedhatVirtualization Version4.1
DebianDebian Linux Version8.0
DebianDebian Linux Version9.0
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 27.07% 0.978
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 9.8 3.9 5.9
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
nvd@nist.gov 7.5 10 6.4
AV:N/AC:L/Au:N/C:P/I:P/A:P
CWE-287 Improper Authentication

When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct.

https://access.redhat.com/errata/RHSA-2018:1525
Third Party Advisory
http://www.securityfocus.com/bid/103713
Third Party Advisory
VDB Entry
https://access.redhat.com/errata/RHSA-2018:0591
Third Party Advisory
https://access.redhat.com/errata/RHSA-2018:0646
Third Party Advisory
https://access.redhat.com/errata/RHSA-2018:1124
Third Party Advisory
https://access.redhat.com/errata/RHSA-2018:1125
Third Party Advisory
https://access.redhat.com/errata/RHSA-2018:1213
Third Party Advisory
https://access.redhat.com/errata/RHSA-2018:1274
Third Party Advisory
https://access.redhat.com/errata/RHSA-2018:1328
Third Party Advisory
https://access.redhat.com/errata/RHSA-2018:1972
Third Party Advisory
https://github.com/paramiko/paramiko/blob/master/sites/www/changelog.rst
Third Party Advisory
https://github.com/paramiko/paramiko/commit/fa29bd8446c8eab237f5187d28787727b4610516
Patch
Third Party Advisory
https://github.com/paramiko/paramiko/issues/1175
Third Party Advisory
Issue Tracking
https://lists.debian.org/debian-lts-announce/2018/10/msg00018.html
Third Party Advisory
Mailing List
https://lists.debian.org/debian-lts-announce/2021/12/msg00025.html
Third Party Advisory
Mailing List
https://usn.ubuntu.com/3603-1/
Third Party Advisory
https://usn.ubuntu.com/3603-2/
Third Party Advisory
https://www.exploit-db.com/exploits/45712/
Third Party Advisory
Exploit
VDB Entry