CVE-2018-7750

EUVD-2018-0111
transport.py in the SSH server implementation of Paramiko before 1.17.6, 1.18.x before 1.18.5, 2.0.x before 2.0.8, 2.1.x before 2.1.5, 2.2.x before 2.2.3, 2.3.x before 2.3.2, and 2.4.x before 2.4.1 does not properly check whether authentication is completed before processing other requests, as demonstrated by channel-open. A customized SSH client can simply skip the authentication step.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
9.8 CRITICAL
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Base Score
CVSS 3.x
EPSS Score
Percentile: 95%
Affected Products (NVD)
VendorProductVersion
paramikoparamiko
𝑥
< 1.17.6
paramikoparamiko
1.18.0 ≤
𝑥
< 1.18.5
paramikoparamiko
2.0.0 ≤
𝑥
< 2.0.8
paramikoparamiko
2.1.0 ≤
𝑥
< 2.1.5
paramikoparamiko
2.2.0 ≤
𝑥
< 2.2.3
paramikoparamiko
2.3.0 ≤
𝑥
< 2.3.2
paramikoparamiko
2.4.0
redhatansible_engine
2.0
redhatansible_engine
2.4
redhatcloudforms
4.5
redhatcloudforms
4.6
redhatvirtualization
4.1
redhatenterprise_linux_desktop
6.0
redhatenterprise_linux_server
6.0
redhatenterprise_linux_server
7.0
redhatenterprise_linux_server_aus
6.4
redhatenterprise_linux_server_aus
6.5
redhatenterprise_linux_server_aus
6.6
redhatenterprise_linux_server_eus
6.7
redhatenterprise_linux_server_tus
6.6
redhatenterprise_linux_workstation
6.0
debiandebian_linux
8.0
debiandebian_linux
9.0
𝑥
= Vulnerable software versions
Debian logo
Debian Releases
Debian Product
Codename
paramiko
bookworm
2.12.0-2
fixed
bullseye
2.7.2-1
fixed
sid
3.4.1-2
fixed
trixie
3.4.1-2
fixed
wheezy
no-dsa
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
paramiko
artful
Fixed 2.0.0-1ubuntu0.1
released
trusty
Fixed 1.10.1-1git1ubuntu0.1
released
xenial
Fixed 1.16.0-1ubuntu0.1
released
Common Weakness Enumeration
References
http://www.securityfocus.com/bid/103713
https://access.redhat.com/errata/RHSA-2018:0591
https://access.redhat.com/errata/RHSA-2018:0646
https://access.redhat.com/errata/RHSA-2018:1124
https://access.redhat.com/errata/RHSA-2018:1125
https://access.redhat.com/errata/RHSA-2018:1213
https://access.redhat.com/errata/RHSA-2018:1274
https://access.redhat.com/errata/RHSA-2018:1328
https://access.redhat.com/errata/RHSA-2018:1525
https://access.redhat.com/errata/RHSA-2018:1972
https://github.com/paramiko/paramiko/blob/master/sites/www/changelog.rst
https://github.com/paramiko/paramiko/commit/fa29bd8446c8eab237f5187d28787727b4610516
https://github.com/paramiko/paramiko/issues/1175
https://lists.debian.org/debian-lts-announce/2018/10/msg00018.html
https://lists.debian.org/debian-lts-announce/2021/12/msg00025.html
https://usn.ubuntu.com/3603-1/
https://usn.ubuntu.com/3603-2/
https://www.exploit-db.com/exploits/45712/
http://www.securityfocus.com/bid/103713
https://access.redhat.com/errata/RHSA-2018:0591
https://access.redhat.com/errata/RHSA-2018:0646
https://access.redhat.com/errata/RHSA-2018:1124
https://access.redhat.com/errata/RHSA-2018:1125
https://access.redhat.com/errata/RHSA-2018:1213
https://access.redhat.com/errata/RHSA-2018:1274
https://access.redhat.com/errata/RHSA-2018:1328
https://access.redhat.com/errata/RHSA-2018:1525
https://access.redhat.com/errata/RHSA-2018:1972
https://github.com/paramiko/paramiko/blob/master/sites/www/changelog.rst
https://github.com/paramiko/paramiko/commit/fa29bd8446c8eab237f5187d28787727b4610516
https://github.com/paramiko/paramiko/issues/1175
https://lists.debian.org/debian-lts-announce/2018/10/msg00018.html
https://lists.debian.org/debian-lts-announce/2021/12/msg00025.html
https://usn.ubuntu.com/3603-1/
https://usn.ubuntu.com/3603-2/
https://www.exploit-db.com/exploits/45712/