CVE-2018-1000805
08.10.2018, 15:29
Paramiko version 2.4.1, 2.3.2, 2.2.3, 2.1.5, 2.0.8, 1.18.5, 1.17.6 contains a Incorrect Access Control vulnerability in SSH server that can result in RCE. This attack appear to be exploitable via network connectivity.Enginsight
Affected Products (NVD)
| Vendor | Product | Version |
|---|---|---|
| paramiko | paramiko | 1.17.6 |
| paramiko | paramiko | 1.18.5 |
| paramiko | paramiko | 2.0.8 |
| paramiko | paramiko | 2.1.5 |
| paramiko | paramiko | 2.2.3 |
| paramiko | paramiko | 2.3.2 |
| paramiko | paramiko | 2.4.1 |
| redhat | ansible_tower | 3.3 |
| redhat | virtualization_host | 4.0 |
| redhat | enterprise_linux_desktop | 6.0 |
| redhat | enterprise_linux_desktop | 7.0 |
| redhat | enterprise_linux_server | 6.0 |
| redhat | enterprise_linux_server | 7.0 |
| redhat | enterprise_linux_server_aus | 6.4 |
| redhat | enterprise_linux_server_aus | 6.5 |
| redhat | enterprise_linux_server_aus | 6.6 |
| redhat | enterprise_linux_server_aus | 7.6 |
| redhat | enterprise_linux_server_eus | 6.7 |
| redhat | enterprise_linux_server_eus | 7.6 |
| redhat | enterprise_linux_server_tus | 6.6 |
| redhat | enterprise_linux_server_tus | 7.6 |
| redhat | enterprise_linux_workstation | 6.0 |
| redhat | enterprise_linux_workstation | 7.0 |
| debian | debian_linux | 8.0 |
| debian | debian_linux | 9.0 |
| canonical | ubuntu_linux | 12.04 |
| canonical | ubuntu_linux | 14.04 |
| canonical | ubuntu_linux | 16.04 |
| canonical | ubuntu_linux | 18.04 |
| canonical | ubuntu_linux | 18.10 |
𝑥
= Vulnerable software versions
Debian Releases
Ubuntu Releases
openSUSE / SLES Releases
openSUSE Product | |||||||||
|---|---|---|---|---|---|---|---|---|---|
| python2-paramiko |
| ||||||||
| python3-paramiko |
|
Red Hat Enterprise Linux Releases
References