Vulnerability Details CVE-2018-1000805
Paramiko version 2.4.1, 2.3.2, 2.2.3, 2.1.5, 2.0.8, 1.18.5, 1.17.6 contains a Incorrect Access Control vulnerability in SSH server that can result in RCE. This attack appear to be exploitable via network connectivity.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.004
EPSS Ranking 57.6%
CVSS Severity
CVSS v3 Score 8.8
CVSS v2 Score 6.5
References
- https://access.redhat.com/errata/RHBA-2018:3497
- https://access.redhat.com/errata/RHSA-2018:3347
- https://access.redhat.com/errata/RHSA-2018:3406
- https://access.redhat.com/errata/RHSA-2018:3505
- https://github.com/paramiko/paramiko/issues/1283
- https://herolab.usd.de/wp-content/uploads/sites/4/usd20180023.txt
- https://lists.debian.org/debian-lts-announce/2018/10/msg00018.html
- https://lists.debian.org/debian-lts-announce/2021/12/msg00025.html
- https://usn.ubuntu.com/3796-1/
- https://usn.ubuntu.com/3796-2/
- https://usn.ubuntu.com/3796-3/
- https://access.redhat.com/errata/RHBA-2018:3497
- https://access.redhat.com/errata/RHSA-2018:3347
- https://access.redhat.com/errata/RHSA-2018:3406
- https://access.redhat.com/errata/RHSA-2018:3505
- https://github.com/paramiko/paramiko/issues/1283
- https://herolab.usd.de/wp-content/uploads/sites/4/usd20180023.txt
- https://lists.debian.org/debian-lts-announce/2018/10/msg00018.html
- https://lists.debian.org/debian-lts-announce/2021/12/msg00025.html
- https://usn.ubuntu.com/3796-1/
- https://usn.ubuntu.com/3796-2/
- https://usn.ubuntu.com/3796-3/
Products affected by CVE-2018-1000805
-
cpe:2.3:a:paramiko:paramiko:1.17.6
-
cpe:2.3:a:paramiko:paramiko:1.18.5
-
cpe:2.3:a:paramiko:paramiko:2.0.8
-
cpe:2.3:a:paramiko:paramiko:2.1.5
-
cpe:2.3:a:paramiko:paramiko:2.2.3
-
cpe:2.3:a:paramiko:paramiko:2.3.2
-
cpe:2.3:a:paramiko:paramiko:2.4.1
-
cpe:2.3:a:redhat:ansible_tower:3.3
-
cpe:2.3:a:redhat:virtualization_host:4.0
-
cpe:2.3:o:canonical:ubuntu_linux:12.04
-
cpe:2.3:o:canonical:ubuntu_linux:14.04
-
cpe:2.3:o:canonical:ubuntu_linux:16.04
-
cpe:2.3:o:canonical:ubuntu_linux:18.04
-
cpe:2.3:o:canonical:ubuntu_linux:18.10
-
cpe:2.3:o:debian:debian_linux:8.0
-
cpe:2.3:o:debian:debian_linux:9.0
-
cpe:2.3:o:redhat:enterprise_linux_desktop:6.0
-
cpe:2.3:o:redhat:enterprise_linux_desktop:7.0
-
cpe:2.3:o:redhat:enterprise_linux_server:6.0
-
cpe:2.3:o:redhat:enterprise_linux_server:7.0
-
cpe:2.3:o:redhat:enterprise_linux_server_aus:6.4
-
cpe:2.3:o:redhat:enterprise_linux_server_aus:6.5
-
cpe:2.3:o:redhat:enterprise_linux_server_aus:6.6
-
cpe:2.3:o:redhat:enterprise_linux_server_aus:7.6
-
cpe:2.3:o:redhat:enterprise_linux_server_eus:6.7
-
cpe:2.3:o:redhat:enterprise_linux_server_eus:7.6
-
cpe:2.3:o:redhat:enterprise_linux_server_tus:6.6
-
cpe:2.3:o:redhat:enterprise_linux_server_tus:7.6
-
cpe:2.3:o:redhat:enterprise_linux_workstation:6.0
-
cpe:2.3:o:redhat:enterprise_linux_workstation:7.0