Main Vulnerability Database Vulnerabilities #VU15559

#VU15559 Improper access control in Paramiko - CVE-2018-1000805

Published: October 24, 2018 / Updated: October 29, 2018

Vulnerability identifier: #VU15559

Vulnerability risk: High

CVSSv4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber

CVE-ID: CVE-2018-1000805

CWE-ID: CWE-284

Exploitation vector: Remote access

Exploit availability: No public exploit available

Vulnerable software:
Paramiko

Software vendor:
Jeff Forcier

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to improper access control in SSH server. A remote unauthenticated attacker can bypass access controls via unspecified vectors and execute arbitrary code.

Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.

Remediation

Install update from vendor's website.

External links

https://github.com/paramiko/paramiko/issues/1283

#VU15559 Improper access control in Paramiko - CVE-2018-1000805

Description

Remediation

External links

Please verify you're human