Public exploit available

Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2018-15473

CWE-362 — Race Condition CWE-200 — Information Exposure19 documents10 sources

Severity

5.3MEDIUM

EPSS

90.4%

top 0.40%

CISA KEV

Not in KEV

Exploit

PoC available

Public exploit / PoC exists

Affected products

Siemens Scalance X204rna Firmware Openbsd Openssh Canonical Ubuntu Linux +9 more

Timeline

PublishedAug 17

Latest updateMay 13

Description

OpenSSH through 7.7 is prone to a user enumeration vulnerability due to not delaying bailout for an invalid authenticating user until after the packet containing the request has been fully parsed, related to auth2-gss.c, auth2-hostbased.c, and auth2-pubkey.c.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:NExploitability: 3.9 | Impact: 1.4

Affected Packages12 packages

▶Debianopenssh< 1:7.7p1-4+3

▶Ubuntuopenssh< 1:6.6p1-2ubuntu2.11+3

▶NVDopenbsd/openssh7.7

▶NVDsiemens/scalance_x204rna_firmware< 3.2.7

▶NVDnetapp/vasa_provider

Also affects: Debian Linux 8.0, 9.0, Ubuntu Linux 14.04, 16.04, 18.04

Patches

Patch: www.openwall.com ↗Patch: www.securitytracker.com ↗Patch: bugs.debian.org ↗

🔴Vulnerability Details

GHSA

GHSA-c8qw-h3f6-fv63: OpenSSH through 7↗2022-05-13

▶

OSV

openssh regression↗2021-08-12

▶

OSV

openssh vulnerabilities↗2018-11-06

▶

OSV

CVE-2018-15473: OpenSSH through 7↗2018-08-17

▶

CVEList

CVE-2018-15473: OpenSSH through 7↗2018-08-17

▶

💥Exploits & PoCs

Exploit-DB

OpenSSH < 7.7 - User Enumeration (2)↗2018-12-04

▶

Exploit-DB

OpenSSH 2.3 < 7.7 - Username Enumeration↗2018-08-21

▶

Exploit-DB

OpenSSH 2.3 < 7.7 - Username Enumeration (PoC)↗2018-08-16

▶

Nuclei

OpenSSH Service - Detect

▶

Nuclei

MikroTik RouterOS SSH - Detect

▶

📋Vendor Advisories

Ubuntu

OpenSSH regression↗2021-08-12

▶

Ubuntu

OpenSSH vulnerabilities↗2018-11-06

▶

Red Hat

openssh: User enumeration via malformed packets in authentication requests↗2018-08-16

▶

Debian

CVE-2018-15473: openssh - OpenSSH through 7.7 is prone to a user enumeration vulnerability due to not dela...↗2018

▶

💬Community

Bugzilla

CVE-2018-15919 openssh: User enumeration via malformed packets in authentication requests↗2018-08-28

▶

Bugzilla

CVE-2018-15599 dropbear: User enumeration via malformed packets in authentication requests↗2018-08-28

▶

Bugzilla

CVE-2018-15473 openssh: User enumeration via malformed packets in authentication requests [fedora-all]↗2018-08-20

▶

Bugzilla

CVE-2018-15473 openssh: User enumeration via malformed packets in authentication requests↗2018-08-20

▶