CVE-2018-15473
OpenSSH < 7.7 - User Enumeration
Severity Score
5.3
*CVSS v3.1
Exploit Likelihood
*EPSS
Affected Versions
*CPE
Public Exploits
42
*Multiple Sources
Exploited in Wild
-
*KEV
Decision
-
*SSVC
Descriptions
OpenSSH through 7.7 is prone to a user enumeration vulnerability due to not delaying bailout for an invalid authenticating user until after the packet containing the request has been fully parsed, related to auth2-gss.c, auth2-hostbased.c, and auth2-pubkey.c.
OpenSSH hasta la versión 7.7 es propenso a una vulnerabilidad de enumeración de usuarios debido a que no retrasa el rescate de un usuario de autenticación no válido hasta que el paquete que contiene la petición haya sido analizado completamente. Esto está relacionado con auth2-gss.c, auth2-hostbased.c, y auth2-pubkey.c.
A user enumeration vulnerability flaw was found in OpenSSH, though version 7.7. The vulnerability occurs by not delaying bailout for an invalid authenticated user until after the packet containing the request has been fully parsed. The highest threat from this vulnerability is to data confidentiality.
USN-3809-1 fixed vulnerabilities in OpenSSH. The update for CVE-2018-15473 was incomplete and could introduce a regression in certain environments. This update fixes the problem. Robert Swiecki discovered that OpenSSH incorrectly handled certain messages. An attacker could possibly use this issue to cause a denial of service. This issue only affected Ubuntu 14.04 LTS and Ubuntu 16.04 LTS. It was discovered that OpenSSH incorrectly handled certain requests. An attacker could possibly use this issue to access sensitive information. Various other issues were also addressed.
*Credits:
N/A
CVSS Scores
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
Attack Vector
Attack Complexity
Authentication
Confidentiality
Integrity
Availability
* Common Vulnerability Scoring System
SSVC
- Decision:-
Exploitation
Automatable
Tech. Impact
* Organization's Worst-case Scenario
Timeline
- 2018-08-17 CVE Reserved
- 2018-08-17 CVE Published
- 2018-09-13 First Exploit
- 2024-08-05 CVE Updated
- 2025-05-04 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
CWE
- CWE-200: Exposure of Sensitive Information to an Unauthorized Actor
- CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')
CAPEC
References (61)
| URL | Tag | Source |
|---|---|---|
| http://www.securityfocus.com/bid/105140 | Broken Link | |
| https://lists.debian.org/debian-lts-announce/2018/08/msg00022.html | Mailing List |
|
| https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2018-0011 | Third Party Advisory |
|
| https://security.netapp.com/advisory/ntap-20181101-0001 | Third Party Advisory |
|
| https://seclists.org/oss-sec/2018/q3/124 |
|
|
| https://sekurak.pl/openssh-users-enumeration-cve-2018-15473 |
| URL | Date | SRC |
|---|---|---|
| http://www.openwall.com/lists/oss-security/2018/08/15/5 | 2023-02-23 | |
| http://www.securitytracker.com/id/1041487 | 2023-02-23 | |
| https://bugs.debian.org/906236 | 2023-02-23 | |
| https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf | 2023-02-23 | |
| https://github.com/openbsd/src/commit/779974d35b4859c07bc3cb8a12c74b43b0a7d1e0 | 2023-02-23 | |
| https://www.oracle.com/security-alerts/cpujan2020.html | 2023-02-23 |
| URL | Date | SRC |
|---|---|---|
| https://access.redhat.com/errata/RHSA-2019:0711 | 2023-02-23 | |
| https://access.redhat.com/errata/RHSA-2019:2143 | 2023-02-23 | |
| https://security.gentoo.org/glsa/201810-03 | 2023-02-23 | |
| https://usn.ubuntu.com/3809-1 | 2023-02-23 | |
| https://www.debian.org/security/2018/dsa-4280 | 2023-02-23 | |
| https://access.redhat.com/security/cve/CVE-2018-15473 | 2019-08-06 | |
| https://bugzilla.redhat.com/show_bug.cgi?id=1619063 | 2019-08-06 |
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Netapp Search vendor "Netapp" | Cn1610 Firmware Search vendor "Netapp" for product "Cn1610 Firmware" | - | - |
Affected
| in | Netapp Search vendor "Netapp" | Cn1610 Search vendor "Netapp" for product "Cn1610" | - | - |
Safe
|
| Netapp Search vendor "Netapp" | Vasa Provider Search vendor "Netapp" for product "Vasa Provider" | >= 7.2 Search vendor "Netapp" for product "Vasa Provider" and version " >= 7.2" | - |
Affected
| in | Netapp Search vendor "Netapp" | Clustered Data Ontap Search vendor "Netapp" for product "Clustered Data Ontap" | - | - |
Safe
|
| Netapp Search vendor "Netapp" | Storage Replication Adapter Search vendor "Netapp" for product "Storage Replication Adapter" | >= 7.2 Search vendor "Netapp" for product "Storage Replication Adapter" and version " >= 7.2" | vsphere |
Affected
| in | Netapp Search vendor "Netapp" | Clustered Data Ontap Search vendor "Netapp" for product "Clustered Data Ontap" | - | - |
Safe
|
| Siemens Search vendor "Siemens" | Scalance X204rna Firmware Search vendor "Siemens" for product "Scalance X204rna Firmware" | < 3.2.7 Search vendor "Siemens" for product "Scalance X204rna Firmware" and version " < 3.2.7" | - |
Affected
| in | Siemens Search vendor "Siemens" | Scalance X204rna Search vendor "Siemens" for product "Scalance X204rna" | - | - |
Safe
|
| Openbsd Search vendor "Openbsd" | Openssh Search vendor "Openbsd" for product "Openssh" | <= 7.7 Search vendor "Openbsd" for product "Openssh" and version " <= 7.7" | - |
Affected
| ||||||
| Debian Search vendor "Debian" | Debian Linux Search vendor "Debian" for product "Debian Linux" | 8.0 Search vendor "Debian" for product "Debian Linux" and version "8.0" | - |
Affected
| ||||||
| Debian Search vendor "Debian" | Debian Linux Search vendor "Debian" for product "Debian Linux" | 9.0 Search vendor "Debian" for product "Debian Linux" and version "9.0" | - |
Affected
| ||||||
| Redhat Search vendor "Redhat" | Enterprise Linux Desktop Search vendor "Redhat" for product "Enterprise Linux Desktop" | 6.0 Search vendor "Redhat" for product "Enterprise Linux Desktop" and version "6.0" | - |
Affected
| ||||||
| Redhat Search vendor "Redhat" | Enterprise Linux Desktop Search vendor "Redhat" for product "Enterprise Linux Desktop" | 7.0 Search vendor "Redhat" for product "Enterprise Linux Desktop" and version "7.0" | - |
Affected
| ||||||
| Redhat Search vendor "Redhat" | Enterprise Linux Server Search vendor "Redhat" for product "Enterprise Linux Server" | 6.0 Search vendor "Redhat" for product "Enterprise Linux Server" and version "6.0" | - |
Affected
| ||||||
| Redhat Search vendor "Redhat" | Enterprise Linux Server Search vendor "Redhat" for product "Enterprise Linux Server" | 7.0 Search vendor "Redhat" for product "Enterprise Linux Server" and version "7.0" | - |
Affected
| ||||||
| Redhat Search vendor "Redhat" | Enterprise Linux Workstation Search vendor "Redhat" for product "Enterprise Linux Workstation" | 6.0 Search vendor "Redhat" for product "Enterprise Linux Workstation" and version "6.0" | - |
Affected
| ||||||
| Redhat Search vendor "Redhat" | Enterprise Linux Workstation Search vendor "Redhat" for product "Enterprise Linux Workstation" | 7.0 Search vendor "Redhat" for product "Enterprise Linux Workstation" and version "7.0" | - |
Affected
| ||||||
| Canonical Search vendor "Canonical" | Ubuntu Linux Search vendor "Canonical" for product "Ubuntu Linux" | 14.04 Search vendor "Canonical" for product "Ubuntu Linux" and version "14.04" | lts |
Affected
| ||||||
| Canonical Search vendor "Canonical" | Ubuntu Linux Search vendor "Canonical" for product "Ubuntu Linux" | 16.04 Search vendor "Canonical" for product "Ubuntu Linux" and version "16.04" | lts |
Affected
| ||||||
| Canonical Search vendor "Canonical" | Ubuntu Linux Search vendor "Canonical" for product "Ubuntu Linux" | 18.04 Search vendor "Canonical" for product "Ubuntu Linux" and version "18.04" | lts |
Affected
| ||||||
| Netapp Search vendor "Netapp" | Aff Baseboard Management Controller Search vendor "Netapp" for product "Aff Baseboard Management Controller" | - | - |
Affected
| ||||||
| Netapp Search vendor "Netapp" | Cloud Backup Search vendor "Netapp" for product "Cloud Backup" | - | - |
Affected
| ||||||
| Netapp Search vendor "Netapp" | Data Ontap Edge Search vendor "Netapp" for product "Data Ontap Edge" | - | - |
Affected
| ||||||
| Netapp Search vendor "Netapp" | Fas Baseboard Management Controller Search vendor "Netapp" for product "Fas Baseboard Management Controller" | - | - |
Affected
| ||||||
| Netapp Search vendor "Netapp" | Oncommand Unified Manager Search vendor "Netapp" for product "Oncommand Unified Manager" | >= 9.4 Search vendor "Netapp" for product "Oncommand Unified Manager" and version " >= 9.4" | vsphere |
Affected
| ||||||
| Netapp Search vendor "Netapp" | Ontap Select Deploy Search vendor "Netapp" for product "Ontap Select Deploy" | - | - |
Affected
| ||||||
| Netapp Search vendor "Netapp" | Service Processor Search vendor "Netapp" for product "Service Processor" | - | - |
Affected
| ||||||
| Netapp Search vendor "Netapp" | Steelstore Cloud Integrated Storage Search vendor "Netapp" for product "Steelstore Cloud Integrated Storage" | - | - |
Affected
| ||||||
| Netapp Search vendor "Netapp" | Virtual Storage Console Search vendor "Netapp" for product "Virtual Storage Console" | >= 7.2 Search vendor "Netapp" for product "Virtual Storage Console" and version " >= 7.2" | vsphere |
Affected
| ||||||
| Netapp Search vendor "Netapp" | Clustered Data Ontap Search vendor "Netapp" for product "Clustered Data Ontap" | - | - |
Affected
| ||||||
| Netapp Search vendor "Netapp" | Data Ontap Search vendor "Netapp" for product "Data Ontap" | - | 7-mode |
Affected
| ||||||
| Oracle Search vendor "Oracle" | Sun Zfs Storage Appliance Kit Search vendor "Oracle" for product "Sun Zfs Storage Appliance Kit" | 8.8.6 Search vendor "Oracle" for product "Sun Zfs Storage Appliance Kit" and version "8.8.6" | - |
Affected
| ||||||