9.8
CVE-2018-7750
- EPSS 27.07%
- Veröffentlicht 13.03.2018 18:29:00
- Zuletzt bearbeitet 21.11.2024 04:12:39
- Quelle cve@mitre.org
- CVE-Watchlists
- Unerledigt
transport.py in the SSH server implementation of Paramiko before 1.17.6, 1.18.x before 1.18.5, 2.0.x before 2.0.8, 2.1.x before 2.1.5, 2.2.x before 2.2.3, 2.3.x before 2.3.2, and 2.4.x before 2.4.1 does not properly check whether authentication is completed before processing other requests, as demonstrated by channel-open. A customized SSH client can simply skip the authentication step.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Redhat ≫ Ansible Engine Version2.0
Redhat ≫ Ansible Engine Version2.4
Redhat ≫ Cloudforms Version4.5
Redhat ≫ Cloudforms Version4.6
Redhat ≫ Virtualization Version4.1
Redhat ≫ Enterprise Linux Desktop Version6.0
Redhat ≫ Enterprise Linux Server Version6.0
Redhat ≫ Enterprise Linux Server Version7.0
Redhat ≫ Enterprise Linux Server Aus Version6.4
Redhat ≫ Enterprise Linux Server Aus Version6.5
Redhat ≫ Enterprise Linux Server Aus Version6.6
Redhat ≫ Enterprise Linux Server Eus Version6.7
Redhat ≫ Enterprise Linux Server Tus Version6.6
Redhat ≫ Enterprise Linux Workstation Version6.0
Debian ≫ Debian Linux Version8.0
Debian ≫ Debian Linux Version9.0
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 27.07% | 0.978 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 9.8 | 3.9 | 5.9 |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
|
| nvd@nist.gov | 7.5 | 10 | 6.4 |
AV:N/AC:L/Au:N/C:P/I:P/A:P
|
CWE-287 Improper Authentication
When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct.
https://access.redhat.com/errata/RHSA-2018:1525
http://www.securityfocus.com/bid/103713
https://access.redhat.com/errata/RHSA-2018:0591
https://access.redhat.com/errata/RHSA-2018:0646
https://access.redhat.com/errata/RHSA-2018:1124
https://access.redhat.com/errata/RHSA-2018:1125
https://access.redhat.com/errata/RHSA-2018:1213
https://access.redhat.com/errata/RHSA-2018:1274
https://access.redhat.com/errata/RHSA-2018:1328
https://access.redhat.com/errata/RHSA-2018:1972
https://github.com/paramiko/paramiko/blob/master/sites/www/changelog.rst
https://github.com/paramiko/paramiko/commit/fa29bd8446c8eab237f5187d28787727b4610516
https://github.com/paramiko/paramiko/issues/1175
https://lists.debian.org/debian-lts-announce/2018/10/msg00018.html
https://lists.debian.org/debian-lts-announce/2021/12/msg00025.html
https://usn.ubuntu.com/3603-1/
https://usn.ubuntu.com/3603-2/
https://www.exploit-db.com/exploits/45712/