CVE-2018-7750

Description

transport.py in the SSH server implementation of Paramiko before 1.17.6, 1.18.x before 1.18.5, 2.0.x before 2.0.8, 2.1.x before 2.1.5, 2.2.x before 2.2.3, 2.3.x before 2.3.2, and 2.4.x before 2.4.1 does not properly check whether authentication is completed before processing other requests, as demonstrated by channel-open. A customized SSH client can simply skip the authentication step.

CVSS Metrics

• v4.0•CRITICAL•Score: 9.3CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
• v3.1•CRITICAL•Score: 9.8CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
• v2.0•HIGH•Score: 7.5AV:N/AC:L/Au:N/C:P/I:P/A:P

EPSS Trends

Current EPSS score: 13.83%• Percentile: 94%

Techniques & Countermeasures

• CWE-287•Improper Authentication

  When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct.

Affected Systems

• debian•debian_linux

  8.0 | 9.0

• paramiko•paramiko

  < 1.17.6 | ≥ 1.18.0, < 1.18.5 | ≥ 2.0.0, < 2.0.8 | ≥ 2.1.0, < 2.1.5 | ≥ 2.2.0, < 2.2.3 | ≥ 2.3.0, < 2.3.2 | 2.4.0

• PyPI•paramiko

  ≥ 2.0.0, < 2.0.8 | ≥ 2.1.0, < 2.1.5 | ≥ 2.2.0, < 2.2.3 | ≥ 2.3.0, < 2.3.2 | ≥ 2.4.0, < 2.4.1 | < 1.17.6 | < fa29bd8446c8eab237f5187d28787727b4610516 | ≥ 1.18.0, < 1.18.5

• redhat•ansible_engine

  2.0 | 2.4

• redhat•cloudforms

  4.5 | 4.6

• redhat•enterprise_linux_desktop

  6.0

• redhat•enterprise_linux_server

  6.0 | 7.0

• redhat•enterprise_linux_server_aus

  6.4 | 6.5 | 6.6

• redhat•enterprise_linux_server_eus

  6.7

• redhat•enterprise_linux_server_tus

  6.6

• redhat•enterprise_linux_workstation

  6.0

• redhat•virtualization

  4.1

References (28)

• https://access.redhat.com/errata/RHSA-2018:1124
• https://www.exploit-db.com/exploits/45712/
• https://github.com/paramiko/paramiko/issues/1175
• https://access.redhat.com/errata/RHSA-2018:1125
• https://access.redhat.com/errata/RHSA-2018:1972
• https://access.redhat.com/errata/RHSA-2018:1274
• https://lists.debian.org/debian-lts-announce/2018/10/msg00018.html
• https://usn.ubuntu.com/3603-2/
• https://access.redhat.com/errata/RHSA-2018:0646
• https://access.redhat.com/errata/RHSA-2018:1213
• https://usn.ubuntu.com/3603-1/
• https://access.redhat.com/errata/RHSA-2018:1525
• https://access.redhat.com/errata/RHSA-2018:1328
• https://access.redhat.com/errata/RHSA-2018:0591
• http://www.securityfocus.com/bid/103713
• https://github.com/paramiko/paramiko/commit/fa29bd8446c8eab237f5187d28787727b4610516
• https://github.com/paramiko/paramiko/blob/master/sites/www/changelog.rst
• https://lists.debian.org/debian-lts-announce/2021/12/msg00025.html
• https://nvd.nist.gov/vuln/detail/CVE-2018-7750
• https://github.com/paramiko/paramiko/commit/e9dfd854bdaf8af15d7834f7502a0451d217bb8c
• https://www.exploit-db.com/exploits/45712
• https://web.archive.org/web/20190831123128/http://www.securityfocus.com/bid/103713
• https://usn.ubuntu.com/3603-2
• https://usn.ubuntu.com/3603-1
• https://github.com/pypa/advisory-database/tree/main/vulns/paramiko/PYSEC-2018-19.yaml
• https://github.com/paramiko/paramiko/blob/e861c7697622774071ce73b46ffe8817eacdedfa/sites/www/changelog.rst?plain=1#L759-L763
• https://github.com/paramiko/paramiko
• https://github.com/advisories/GHSA-232r-66cg-79px