Public exploit available

Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2018-7750

CWE-287 — Improper Authentication15 documents9 sources

Severity

9.8CRITICAL

EPSS

13.8%

top 5.71%

CISA KEV

Not in KEV

Exploit

PoC available

Public exploit / PoC exists

Affected products

Paramiko Paramiko Debian Debian Linux Redhat Ansible Engine +8 more

Timeline

PublishedMar 13

Latest updateOct 30

Description

transport.py in the SSH server implementation of Paramiko before 1.17.6, 1.18.x before 1.18.5, 2.0.x before 2.0.8, 2.1.x before 2.1.5, 2.2.x before 2.2.3, 2.3.x before 2.3.2, and 2.4.x before 2.4.1 does not properly check whether authentication is completed before processing other requests, as demonstrated by channel-open. A customized SSH client can simply skip the authentication step.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HExploitability: 3.9 | Impact: 5.9

Affected Packages9 packages

▶PyPIparamiko2.0.0 — 2.0.8+6

▶NVDparamiko/paramiko1.18.0 — 1.18.5+6

▶Debianparamiko< 2.4.2-0.1+3

▶NVDredhat/enterprise_linux_server6.0, 7.0+1

▶NVDredhat/cloudforms4.5, 4.6+1

Also affects: Debian Linux 8.0, 9.0, Enterprise Linux 6.4, 6.5, 6.6, 6.7

Patches

Patch: github.com ↗Patch: github.com ↗

🔴Vulnerability Details

GHSA

Paramiko not properly checking authentication before processing other requests↗2018-07-12

▶

OSV

Paramiko not properly checking authentication before processing other requests↗2018-07-12

▶

OSV

CVE-2018-7750: transport↗2018-03-13

▶

CVEList

CVE-2018-7750: transport↗2018-03-13

▶

💥Exploits & PoCs

Exploit-DB

Nutanix AOS & Prism < 5.5.5 (LTS) / < 5.8.1 (STS) - SFTP Authentication Bypass↗2018-10-30

▶

Exploit-DB

Paramiko 2.4.1 - Authentication Bypass↗2018-10-29

▶

📋Vendor Advisories

Ubuntu

Paramiko vulnerability↗2018-03-20

▶

Ubuntu

Paramiko vulnerability↗2018-03-20

▶

Red Hat

python-paramiko: Authentication bypass in transport.py↗2018-03-13

▶

Debian

CVE-2018-7750: paramiko - transport.py in the SSH server implementation of Paramiko before 1.17.6, 1.18.x ...↗2018

▶

💬Community

Bugzilla

CVE-2018-7750 python-paramiko: Authentication bypass in transport.py↗2018-03-16

▶

Bugzilla

CVE-2018-7750 python-paramiko: Authentication bypass in transport.py [fedora-all]↗2018-03-16

▶

Bugzilla

CVE-2018-7750 python-paramiko: Authentication bypass in transport.py [epel-all]↗2018-03-16

▶

Bugzilla

CVE-2018-7750 python-paramiko: Authentication bypass in transport.py [openstack-rdo]↗2018-03-16

▶