CVE-2018-1000805 — Incorrect Authorization in Paramiko
Severity
8.8 HIGH (NVD)
EPSS
0.4%
top 37.94%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
Timeline
Published: Oct 8
Latest update: Oct 22
Description
Paramiko versions 2.4.1, 2.3.2, 2.2.3, 2.1.5, 2.0.8, 1.18.5, 1.17.6 contain an Incorrect Access Control vulnerability in the SSH server that can result in RCE. This attack appears to be exploitable via network connectivity.
CVSS vector
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Exploitability: 2.8 | Impact: 5.9
Affected Packages: 8 packages
Also affects: Debian Linux 8.0, 9.0, Ubuntu Linux 12.04, 14.04, 16.04, 18.04, 18.10, Enterprise Linux 6.4, 6.5, 6.6, 7.6, 6.7
Patches
Vulnerability Details (4)
Vendor Advisories (5)
Debian
CVE-2018-1000805: paramiko - Paramiko version 2.4.1, 2.3.2, 2.2.3, 2.1.5, 2.0.8, 1.18.5, 1.17.6 contains a In... (2018)
Community (4)
Bugzilla
CVE-2018-1000805 python-paramiko: Authentication bypass in auth_handler.py [openstack-rdo] (2018-10-09)