High
CVE-2018-10933
CVE ID
AttackerKB requires a CVE ID in order to pull vulnerability data and references from the CVE list and the National Vulnerability Database. If available, please supply below:
Add References:
High
(1 user assessed)Very High
(1 user assessed)Unknown
Unknown
Unknown
CVE-2018-10933
MITRE ATT&CK
Collection
Command and Control
Credential Access
Defense Evasion
Discovery
Execution
Exfiltration
Impact
Initial Access
Lateral Movement
Persistence
Privilege Escalation
Topic Tags
Description
Description
libssh versions 0.6 and above have an authentication bypass vulnerability in
the server code. By presenting the server an SSH2_MSG_USERAUTH_SUCCESS message
in place of the SSH2_MSG_USERAUTH_REQUEST message which the server would expect
to initiate authentication, the attacker could successfully authenticate without any credentials.
Patch Availability
Patches addressing the issue have been posted to:
https://www.libssh.org/2018/10/16/libssh-0-8-4-and-0-7-6-security-and-bugfix-release/
libssh version 0.8.4 and libssh 0.7.6 have been released to address this issue.
Workaround
There is no workaround for this issue.
Credit
The bug was discovered by Peter Winter-Smith of NCC Group.
Patches are provided by the Anderson Toshiyuki Sasaki of Red Hat and the libssh team.
Add Assessment
Ratings
-
Attacker ValueHigh
-
ExploitabilityVery High
Technical Analysis
LibSSH isn’t common as other SSH server softwares and vulnerability is pretty dates so finding this in the wild won’t be a walk in the park.
Having said that, if adversaries will find this software installed with a vulnerable version, exploitation is extremely easy (multiple exploit exists in the internet) and usually will provided access from the external to the server while fully bypassing the authentication.
for example – https://github.com/xFreed0m/CVE-2018-10933
Would you also like to delete your Exploited in the Wild Report?
Delete Assessment Only Delete Assessment and Exploited in the Wild ReportGeneral Information
References
Additional Info
Technical Analysis
Report as Emergent Threat Response
Report as Exploited in the Wild
CVE ID
AttackerKB requires a CVE ID in order to pull vulnerability data and references from the CVE list and the National Vulnerability Database. If available, please supply below: