CVE-2018-7750

Current Description

transport.py in the SSH server implementation of Paramiko before 1.17.6, 1.18.x before 1.18.5, 2.0.x before 2.0.8, 2.1.x before 2.1.5, 2.2.x before 2.2.3, 2.3.x before 2.3.2, and 2.4.x before 2.4.1 does not properly check whether authentication is completed before processing other requests, as demonstrated by channel-open. A customized SSH client can simply skip the authentication step.

Basic Data

Published: March 13, 2018
Last Modified: February 28, 2019
Assigner: cve@mitre.org
Data Type: CVE
Data Format: MITRE
Data Version: 4.0
Problem Type: CWE-287
CVE Data Version: 4.0

Base Metric V2

CVSS 2 - Version: 2.0
CVSS 2 - Vector String: AV:N/AC:L/Au:N/C:P/I:P/A:P
CVSS 2 - Access Vector: NETWORK
CVSS 2 - Access Complexity: LOW
CVSS 2 - Authentication: NONE
CVSS 2 - Confidentiality Impact: PARTIAL
CVSS 2 - Availability Impact: PARTIAL
CVSS 2 - Base Score: 7.5
Severity: HIGH
Exploitability Score: 10.0
Impact Score: 6.4
Obtain All Privilege: false
Obtain User Privilege: false
Obtain Other Privilege: false

Base Metric V3

CVSS 3 - Version: 3.0
CVSS 3 - Vector String: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
CVSS 3 - Attack Vector: NETWORK
CVSS 3 - Attack Complexity: LOW
CVSS 3 - Privileges Required: NONE
CVSS 3 - User Interaction: NONE
CVSS 3 - Scope: UNCHANGED
CVSS 3 - Confidentiality Impact: HIGH
CVSS 3 - Integrity Impact: HIGH
CVSS 3 - Availability Impact: HIGH
CVSS 3 - Base Score: 9.8
CVSS 3 - Base Severity: CRITICAL
Exploitability Score: 3.9
Base Severity: CRITICAL

Configurations

  • OR - Configuration 1
    CPE version 2.3 entries; Part: Application, Vendor: Paramiko, Product: Paramiko. The Update, Edition, Language, SW Edition, Target SW, Target HW and Other fields are * (any) in every row.

    Version   Version Start Including   Version End Excluding
    *         -                         1.17.6
    *         1.18.0                    1.18.5
    *         2.0.0                     2.0.8
    *         2.1.0                     2.1.5
    *         2.2.0                     2.2.3
    *         2.3.0                     2.3.2
    2.4.0     -                         -

  • OR - Configuration 2
    CPE version 2.3 entries; the Update, Edition, Language, SW Edition, Target SW, Target HW, Other and version range fields are * (any) in every row.

    Part         Vendor   Product                      Version
    Application  Redhat   Ansible Engine               2.0
    Application  Redhat   Ansible Engine               2.4
    Application  Redhat   Cloudforms                   4.5
    Application  Redhat   Cloudforms                   4.6
    OS           Debian   Debian Linux                 8.0
    OS           Redhat   Enterprise Linux Desktop     6.0
    OS           Redhat   Enterprise Linux Server      6.0
    OS           Redhat   Enterprise Linux Server      7.0
    OS           Redhat   Enterprise Linux Server Aus  6.4
    OS           Redhat   Enterprise Linux Server Aus  6.5
    OS           Redhat   Enterprise Linux Server Aus  6.6
    OS           Redhat   Enterprise Linux Server Eus  6.7
    OS           Redhat   Enterprise Linux Server Tus  6.6
    OS           Redhat   Enterprise Linux Workstation 6.0
    OS           Redhat   Virtualization               4.0
    OS           Redhat   Virtualization               4.1

Vulnerable Software List

Vendor     Product                       Versions
Paramiko   Paramiko                      *, 2.4.0
Debian     Debian Linux                  8.0
Redhat     Enterprise Linux Workstation  6.0
Redhat     Cloudforms                    4.5, 4.6
Redhat     Enterprise Linux Desktop      6.0
Redhat     Enterprise Linux Server Aus   6.4, 6.5, 6.6
Redhat     Enterprise Linux Server Tus   6.6
Redhat     Enterprise Linux Server Eus   6.7
Redhat     Ansible Engine                2.0, 2.4
Redhat     Virtualization                4.0, 4.1
Redhat     Enterprise Linux Server       6.0, 7.0

References

Name (Source) - Tags
  URL

103713 (BID) - Third Party Advisory, VDB Entry
  http://www.securityfocus.com/bid/103713

RHSA-2018:0591 (REDHAT) - Third Party Advisory
  https://access.redhat.com/errata/RHSA-2018:0591

RHSA-2018:0646 (REDHAT) - Third Party Advisory
  https://access.redhat.com/errata/RHSA-2018:0646

RHSA-2018:1124 (REDHAT) - Third Party Advisory
  https://access.redhat.com/errata/RHSA-2018:1124

RHSA-2018:1125 (REDHAT) - Third Party Advisory
  https://access.redhat.com/errata/RHSA-2018:1125

RHSA-2018:1213 (REDHAT) - Third Party Advisory
  https://access.redhat.com/errata/RHSA-2018:1213

RHSA-2018:1274 (REDHAT) - Third Party Advisory
  https://access.redhat.com/errata/RHSA-2018:1274

RHSA-2018:1328 (REDHAT) - Third Party Advisory
  https://access.redhat.com/errata/RHSA-2018:1328

RHSA-2018:1525 (REDHAT) - Third Party Advisory
  https://access.redhat.com/errata/RHSA-2018:1525

RHSA-2018:1972 (REDHAT) - Third Party Advisory
  https://access.redhat.com/errata/RHSA-2018:1972

Paramiko changelog (CONFIRM) - Third Party Advisory
  https://github.com/paramiko/paramiko/blob/master/sites/www/changelog.rst

Paramiko fix commit fa29bd8446c8eab237f5187d28787727b4610516 (CONFIRM) - Patch, Third Party Advisory
  https://github.com/paramiko/paramiko/commit/fa29bd8446c8eab237f5187d28787727b4610516

Paramiko issue #1175 (CONFIRM) - Issue Tracking, Third Party Advisory
  https://github.com/paramiko/paramiko/issues/1175

[debian-lts-announce] 20181027 [SECURITY] [DLA 1556-1] paramiko security update (MLIST) - Mailing List, Third Party Advisory
  https://lists.debian.org/debian-lts-announce/2018/10/msg00018.html

USN-3603-1 (UBUNTU) - Third Party Advisory
  https://usn.ubuntu.com/3603-1/

USN-3603-2 (UBUNTU) - Third Party Advisory
  https://usn.ubuntu.com/3603-2/

45712 (EXPLOIT-DB) - Exploit, Third Party Advisory, VDB Entry
  https://www.exploit-db.com/exploits/45712/