Attacker Value

Unknown

(0 users assessed)

Exploitability

Unknown

(0 users assessed)

User Interaction

None

Privileges Required

None

Attack Vector

Network

0

CVE-2018-7750

Disclosure Date: March 13, 2018 •

CVE-2018-7750 CVSS v3 Base Score: 9.8

MITRE ATT&CK

Add MITRE ATT&CK tactics and techniques that apply to this CVE.

Description

transport.py in the SSH server implementation of Paramiko before 1.17.6, 1.18.x before 1.18.5, 2.0.x before 2.0.8, 2.1.x before 2.1.5, 2.2.x before 2.2.3, 2.3.x before 2.3.2, and 2.4.x before 2.4.1 does not properly check whether authentication is completed before processing other requests, as demonstrated by channel-open. A customized SSH client can simply skip the authentication step.

Add Assessment

No one has assessed this topic. Be the first to add your voice to the community.

CVSS V3 Severity and Metrics

Data provided by the National Vulnerability Database (NVD)

Base Score:

9.8 Critical

Impact Score:

5.9

Exploitability Score:

3.9

Vector:

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Attack Vector (AV):

Network

Attack Complexity (AC):

Low

Privileges Required (PR):

None

User Interaction (UI):

None

Scope (S):

Unchanged

Confidentiality (C):

High

Integrity (I):

High

Availability (A):

High

Vendors

debian,
paramiko,
redhat

Products

ansible engine 2.0,
ansible engine 2.4,
cloudforms 4.5,
cloudforms 4.6,
debian linux 8.0,
debian linux 9.0,
enterprise linux desktop 6.0,
enterprise linux server 6.0,
enterprise linux server 7.0,
enterprise linux server aus 6.4,
enterprise linux server aus 6.5,
enterprise linux server aus 6.6,
enterprise linux server eus 6.7,
enterprise linux server tus 6.6,
enterprise linux workstation 6.0,
paramiko,
paramiko 2.4.0,
virtualization 4.1

References

Canonical

CVE-2018-7750 (https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-7750)

BID-103713 (http://www.securityfocus.com/bid/103713)

Advisory

https://access.redhat.com/errata/RHSA-2018:1124

EXPLOIT-DB-45712 (https://www.exploit-db.com/exploits/45712)

https://github.com/paramiko/paramiko/issues/1175

https://access.redhat.com/errata/RHSA-2018:1125

https://access.redhat.com/errata/RHSA-2018:1972

https://access.redhat.com/errata/RHSA-2018:1274

[debian-lts-announce] 20181027 [SECURITY] [DLA 1556-1] paramiko security update (https://lists.debian.org/debian-lts-announce/2018/10/msg00018.html)

USN-3603-2 (https://usn.ubuntu.com/3603-2)

https://access.redhat.com/errata/RHSA-2018:0646

https://access.redhat.com/errata/RHSA-2018:1213

USN-3603-1 (https://usn.ubuntu.com/3603-1)

https://access.redhat.com/errata/RHSA-2018:1525

https://access.redhat.com/errata/RHSA-2018:1328

https://access.redhat.com/errata/RHSA-2018:0591

https://github.com/paramiko/paramiko/commit/fa29bd8446c8eab237f5187d28787727b4610516

https://github.com/paramiko/paramiko/blob/master/sites/www/changelog.rst

EXPLOIT-DB-45712 (https://www.exploit-db.com/exploits/45712/)

USN-3603-2 (https://usn.ubuntu.com/3603-2/)

USN-3603-1 (https://usn.ubuntu.com/3603-1/)

[debian-lts-announce] 20211228 [SECURITY] [DLA 2860-1] paramiko security update (https://lists.debian.org/debian-lts-announce/2021/12/msg00025.html)

Rapid7

Technical Analysis