CVE-2018-7750
- Source
- https://cve.org/CVERecord?id=CVE-2018-7750
- Import Source
- https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2018-7750.json
- JSON Data
- https://api.osv.dev/v1/vulns/CVE-2018-7750
- Aliases
- Downstream
- Related
- Published
- 2018-03-13T18:29:00.303Z
- Modified
- 2026-02-12T08:24:19.849908Z
- Severity
-
- 9.8 (Critical) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVSS Calculator
- Summary
- [none]
- Details
-
transport.py in the SSH server implementation of Paramiko before 1.17.6, 1.18.x before 1.18.5, 2.0.x before 2.0.8, 2.1.x before 2.1.5, 2.2.x before 2.2.3, 2.3.x before 2.3.2, and 2.4.x before 2.4.1 does not properly check whether authentication is completed before processing other requests, as demonstrated by channel-open. A customized SSH client can simply skip the authentication step.
- References
-
- http://www.securityfocus.com/bid/103713
- https://access.redhat.com/errata/RHSA-2018:0591
- https://access.redhat.com/errata/RHSA-2018:0646
- https://access.redhat.com/errata/RHSA-2018:1124
- https://access.redhat.com/errata/RHSA-2018:1125
- https://access.redhat.com/errata/RHSA-2018:1213
- https://access.redhat.com/errata/RHSA-2018:1274
- https://access.redhat.com/errata/RHSA-2018:1328
- https://access.redhat.com/errata/RHSA-2018:1525
- https://access.redhat.com/errata/RHSA-2018:1972
- https://github.com/paramiko/paramiko/blob/master/sites/www/changelog.rst
- https://github.com/paramiko/paramiko/commit/fa29bd8446c8eab237f5187d28787727b4610516
- https://github.com/paramiko/paramiko/issues/1175
- https://lists.debian.org/debian-lts-announce/2018/10/msg00018.html
- https://lists.debian.org/debian-lts-announce/2021/12/msg00025.html
- https://usn.ubuntu.com/3603-1/
- https://usn.ubuntu.com/3603-2/
- https://www.exploit-db.com/exploits/45712/
- https://github.com/paramiko/paramiko/issues/1175
- https://github.com/paramiko/paramiko/commit/fa29bd8446c8eab237f5187d28787727b4610516
- https://lists.debian.org/debian-lts-announce/2018/10/msg00018.html
- https://lists.debian.org/debian-lts-announce/2021/12/msg00025.html
- https://www.exploit-db.com/exploits/45712/
Affected packages
Git / github.com/ansible/ansible
Affected versions
v2.*
v2.2.0.0-1
v2.2.1.0-0.1.rc1
v2.2.1.0-0.2.rc2
v2.2.1.0-0.3.rc3
v2.2.1.0-0.4.rc4
v2.2.1.0-0.5.rc5
v2.2.1.0-1
v2.2.2.0-0.1.rc1
v2.2.2.0-0.2.rc2
v2.2.2.0-1
v2.2.3.0-0.1.rc1
v2.3.0.0-1
v2.3.1.0-0.1.rc1
v2.3.1.0-0.2.rc2
v2.3.1.0-1
v2.3.2.0-0.1.rc1
v2.3.2.0-0.2.rc2
v2.3.2.0-0.3.rc3
v2.3.2.0-0.4.rc4
v2.3.2.0-0.5.rc5
Git / github.com/paramiko/paramiko
Affected ranges
- Type
- GIT
- Repo
- https://github.com/paramiko/paramiko
- Events
-
IntroducedFixedIntroducedFixedIntroducedFixedFixedIntroducedFixedIntroducedFixedFixed