CVE-2018-7750
Paramiko 2.4.1 - Authentication Bypass
Severity Score
9.8
*CVSS v3.1
Exploit Likelihood
*EPSS
Affected Versions
*CPE
Public Exploits
5
*Multiple Sources
Exploited in Wild
-
*KEV
Decision
-
*SSVC
Descriptions
transport.py in the SSH server implementation of Paramiko before 1.17.6, 1.18.x before 1.18.5, 2.0.x before 2.0.8, 2.1.x before 2.1.5, 2.2.x before 2.2.3, 2.3.x before 2.3.2, and 2.4.x before 2.4.1 does not properly check whether authentication is completed before processing other requests, as demonstrated by channel-open. A customized SSH client can simply skip the authentication step.
transport.py en la implementación del servidor SSH de Paramiko, en versiones anteriores a la 1.17.6; versiones 1.18.x anteriores a la 1.18.5; versiones 2.0.x anteriores a la 2.0.8; versiones 2.1.x anteriores a la 2.1.5; versiones 2.2.x anteriores a la 2.2.3; versiones 2.3.x anteriores a la 2.3.2 y versiones 2.4.x anteriores a la 2.4.1, no comprueba adecuadamente si la autenticación se ha completado antes de procesar otras peticiones, tal y como demuestra channel-open. Un cliente SSH personalizado puede simplemente omitir el paso de autenticación.
It was found that when acting as an SSH server, paramiko did not properly check whether authentication is completed before processing other requests. A customized SSH client could use this to bypass authentication when accessing any resources controlled by paramiko.
The python-paramiko package provides a Python module that implements the SSH2 protocol for encrypted and authenticated connections to remote machines. Unlike SSL, the SSH2 protocol does not require hierarchical certificates signed by a powerful central authority. The protocol also includes the ability to open arbitrary channels to remote services across an encrypted tunnel. The following packages have been upgraded to a later upstream version: python-paramiko. Issues addressed include a bypass vulnerability.
*Credits:
N/A
CVSS Scores
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
Attack Vector
Attack Complexity
Authentication
Confidentiality
Integrity
Availability
* Common Vulnerability Scoring System
SSVC
- Decision:-
Exploitation
Automatable
Tech. Impact
* Organization's Worst-case Scenario
Timeline
- 2018-03-07 CVE Reserved
- 2018-03-13 CVE Published
- 2018-10-29 First Exploit
- 2024-08-05 CVE Updated
- 2025-03-30 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
CWE
- CWE-287: Improper Authentication
CAPEC
References (24)
| URL | Tag | Source |
|---|---|---|
| http://www.securityfocus.com/bid/103713 | Third Party Advisory | |
| https://github.com/paramiko/paramiko/blob/master/sites/www/changelog.rst | Third Party Advisory | |
| https://github.com/paramiko/paramiko/issues/1175 | Issue Tracking | |
| https://lists.debian.org/debian-lts-announce/2018/10/msg00018.html | Mailing List |
|
| https://lists.debian.org/debian-lts-announce/2021/12/msg00025.html | Mailing List |
|
| URL | Date | SRC |
|---|---|---|
| https://packetstorm.news/files/id/150020 | 2018-10-30 | |
| https://packetstorm.news/files/id/149983 | 2018-10-29 | |
| https://www.exploit-db.com/exploits/45712 | 2024-08-05 | |
| https://github.com/jm33-m0/CVE-2018-7750 | 2018-11-06 | |
| https://github.com/tlavi00/CVE-2018-7750 | 2024-12-13 |
| URL | Date | SRC |
|---|---|---|
| https://github.com/paramiko/paramiko/commit/fa29bd8446c8eab237f5187d28787727b4610516 | 2022-04-18 |
| URL | Date | SRC |
|---|---|---|
| https://access.redhat.com/errata/RHSA-2018:0591 | 2022-04-18 | |
| https://access.redhat.com/errata/RHSA-2018:0646 | 2022-04-18 | |
| https://access.redhat.com/errata/RHSA-2018:1124 | 2022-04-18 | |
| https://access.redhat.com/errata/RHSA-2018:1125 | 2022-04-18 | |
| https://access.redhat.com/errata/RHSA-2018:1213 | 2022-04-18 | |
| https://access.redhat.com/errata/RHSA-2018:1274 | 2022-04-18 | |
| https://access.redhat.com/errata/RHSA-2018:1328 | 2022-04-18 | |
| https://access.redhat.com/errata/RHSA-2018:1525 | 2022-04-18 | |
| https://access.redhat.com/errata/RHSA-2018:1972 | 2022-04-18 | |
| https://usn.ubuntu.com/3603-1 | 2022-04-18 | |
| https://usn.ubuntu.com/3603-2 | 2022-04-18 | |
| https://access.redhat.com/security/cve/CVE-2018-7750 | 2018-06-25 | |
| https://bugzilla.redhat.com/show_bug.cgi?id=1557130 | 2018-06-25 |
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Paramiko Search vendor "Paramiko" | Paramiko Search vendor "Paramiko" for product "Paramiko" | < 1.17.6 Search vendor "Paramiko" for product "Paramiko" and version " < 1.17.6" | - |
Affected
| ||||||
| Paramiko Search vendor "Paramiko" | Paramiko Search vendor "Paramiko" for product "Paramiko" | >= 1.18.0 < 1.18.5 Search vendor "Paramiko" for product "Paramiko" and version " >= 1.18.0 < 1.18.5" | - |
Affected
| ||||||
| Paramiko Search vendor "Paramiko" | Paramiko Search vendor "Paramiko" for product "Paramiko" | >= 2.0.0 < 2.0.8 Search vendor "Paramiko" for product "Paramiko" and version " >= 2.0.0 < 2.0.8" | - |
Affected
| ||||||
| Paramiko Search vendor "Paramiko" | Paramiko Search vendor "Paramiko" for product "Paramiko" | >= 2.1.0 < 2.1.5 Search vendor "Paramiko" for product "Paramiko" and version " >= 2.1.0 < 2.1.5" | - |
Affected
| ||||||
| Paramiko Search vendor "Paramiko" | Paramiko Search vendor "Paramiko" for product "Paramiko" | >= 2.2.0 < 2.2.3 Search vendor "Paramiko" for product "Paramiko" and version " >= 2.2.0 < 2.2.3" | - |
Affected
| ||||||
| Paramiko Search vendor "Paramiko" | Paramiko Search vendor "Paramiko" for product "Paramiko" | >= 2.3.0 < 2.3.2 Search vendor "Paramiko" for product "Paramiko" and version " >= 2.3.0 < 2.3.2" | - |
Affected
| ||||||
| Paramiko Search vendor "Paramiko" | Paramiko Search vendor "Paramiko" for product "Paramiko" | 2.4.0 Search vendor "Paramiko" for product "Paramiko" and version "2.4.0" | - |
Affected
| ||||||
| Redhat Search vendor "Redhat" | Ansible Engine Search vendor "Redhat" for product "Ansible Engine" | 2.0 Search vendor "Redhat" for product "Ansible Engine" and version "2.0" | - |
Affected
| ||||||
| Redhat Search vendor "Redhat" | Ansible Engine Search vendor "Redhat" for product "Ansible Engine" | 2.4 Search vendor "Redhat" for product "Ansible Engine" and version "2.4" | - |
Affected
| ||||||
| Redhat Search vendor "Redhat" | Cloudforms Search vendor "Redhat" for product "Cloudforms" | 4.5 Search vendor "Redhat" for product "Cloudforms" and version "4.5" | - |
Affected
| ||||||
| Redhat Search vendor "Redhat" | Cloudforms Search vendor "Redhat" for product "Cloudforms" | 4.6 Search vendor "Redhat" for product "Cloudforms" and version "4.6" | - |
Affected
| ||||||
| Redhat Search vendor "Redhat" | Virtualization Search vendor "Redhat" for product "Virtualization" | 4.1 Search vendor "Redhat" for product "Virtualization" and version "4.1" | - |
Affected
| ||||||
| Redhat Search vendor "Redhat" | Enterprise Linux Desktop Search vendor "Redhat" for product "Enterprise Linux Desktop" | 6.0 Search vendor "Redhat" for product "Enterprise Linux Desktop" and version "6.0" | - |
Affected
| ||||||
| Redhat Search vendor "Redhat" | Enterprise Linux Server Search vendor "Redhat" for product "Enterprise Linux Server" | 6.0 Search vendor "Redhat" for product "Enterprise Linux Server" and version "6.0" | - |
Affected
| ||||||
| Redhat Search vendor "Redhat" | Enterprise Linux Server Search vendor "Redhat" for product "Enterprise Linux Server" | 7.0 Search vendor "Redhat" for product "Enterprise Linux Server" and version "7.0" | - |
Affected
| ||||||
| Redhat Search vendor "Redhat" | Enterprise Linux Server Aus Search vendor "Redhat" for product "Enterprise Linux Server Aus" | 6.4 Search vendor "Redhat" for product "Enterprise Linux Server Aus" and version "6.4" | - |
Affected
| ||||||
| Redhat Search vendor "Redhat" | Enterprise Linux Server Aus Search vendor "Redhat" for product "Enterprise Linux Server Aus" | 6.5 Search vendor "Redhat" for product "Enterprise Linux Server Aus" and version "6.5" | - |
Affected
| ||||||
| Redhat Search vendor "Redhat" | Enterprise Linux Server Aus Search vendor "Redhat" for product "Enterprise Linux Server Aus" | 6.6 Search vendor "Redhat" for product "Enterprise Linux Server Aus" and version "6.6" | - |
Affected
| ||||||
| Redhat Search vendor "Redhat" | Enterprise Linux Server Eus Search vendor "Redhat" for product "Enterprise Linux Server Eus" | 6.7 Search vendor "Redhat" for product "Enterprise Linux Server Eus" and version "6.7" | - |
Affected
| ||||||
| Redhat Search vendor "Redhat" | Enterprise Linux Server Tus Search vendor "Redhat" for product "Enterprise Linux Server Tus" | 6.6 Search vendor "Redhat" for product "Enterprise Linux Server Tus" and version "6.6" | - |
Affected
| ||||||
| Redhat Search vendor "Redhat" | Enterprise Linux Workstation Search vendor "Redhat" for product "Enterprise Linux Workstation" | 6.0 Search vendor "Redhat" for product "Enterprise Linux Workstation" and version "6.0" | - |
Affected
| ||||||
| Debian Search vendor "Debian" | Debian Linux Search vendor "Debian" for product "Debian Linux" | 8.0 Search vendor "Debian" for product "Debian Linux" and version "8.0" | - |
Affected
| ||||||
| Debian Search vendor "Debian" | Debian Linux Search vendor "Debian" for product "Debian Linux" | 9.0 Search vendor "Debian" for product "Debian Linux" and version "9.0" | - |
Affected
| ||||||