Authentication bypass in Paramiko - CVE-2018-7750
Published: March 16, 2018 / Updated: June 17, 2021
Vulnerability identifier: #VU11130
CSH Severity: Low
CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/U:Clear
CVE-ID: CVE-2018-7750
CWE-ID: CWE-592
Exploitation vector: Remote access
Exploit availability:
Public exploit is available
Vendor: Jeff Forcier
Affected software:
Paramiko
Paramiko
Detailed vulnerability description
The vulnerability allows a remote unauthenticated attacker to bypass authentication.
The weakness exists is due to improper security restrictions. A remote attacker can use a customized SSH client, bypass authentication and gain unauthorized access to resources on the target systemю
The weakness exists is due to improper security restrictions. A remote attacker can use a customized SSH client, bypass authentication and gain unauthorized access to resources on the target systemю
How to mitigate CVE-2018-7750
Update to versions 2.4.1, 2.3.2, 2.2.3, 2.1.5, 2.0.8, 1.18.5 or 1.17.6.