Main Vulnerability Database Vulnerabilities #VU15559

Improper access control in Paramiko - CVE-2018-1000805

Published: October 24, 2018 / Updated: October 29, 2018

Vulnerability identifier: #VU15559

CSH Severity: High

CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber

CVE-ID: CVE-2018-1000805

CWE-ID: CWE-284

Exploitation vector: Remote access

Exploit availability: No public exploit available

Vendor: Jeff Forcier

Affected software:
Paramiko

Detailed vulnerability description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to improper access control in SSH server. A remote unauthenticated attacker can bypass access controls via unspecified vectors and execute arbitrary code.

Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.

How to mitigate CVE-2018-1000805

Install update from vendor's website.

Sources

https://github.com/paramiko/paramiko/issues/1283

Improper access control in Paramiko - CVE-2018-1000805

Detailed vulnerability description

How to mitigate CVE-2018-1000805

Sources

Please verify you're human