CVE-2018-7750

Paramiko 2.4.1 - Authentication Bypass

Severity Score

9.8

*CVSS v3.1

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

*SSVC

Descriptions

transport.py in the SSH server implementation of Paramiko before 1.17.6, 1.18.x before 1.18.5, 2.0.x before 2.0.8, 2.1.x before 2.1.5, 2.2.x before 2.2.3, 2.3.x before 2.3.2, and 2.4.x before 2.4.1 does not properly check whether authentication is completed before processing other requests, as demonstrated by channel-open. A customized SSH client can simply skip the authentication step.

transport.py en la implementación del servidor SSH de Paramiko, en versiones anteriores a la 1.17.6; versiones 1.18.x anteriores a la 1.18.5; versiones 2.0.x anteriores a la 2.0.8; versiones 2.1.x anteriores a la 2.1.5; versiones 2.2.x anteriores a la 2.2.3; versiones 2.3.x anteriores a la 2.3.2 y versiones 2.4.x anteriores a la 2.4.1, no comprueba adecuadamente si la autenticación se ha completado antes de procesar otras peticiones, tal y como demuestra channel-open. Un cliente SSH personalizado puede simplemente omitir el paso de autenticación.

It was found that when acting as an SSH server, paramiko did not properly check whether authentication is completed before processing other requests. A customized SSH client could use this to bypass authentication when accessing any resources controlled by paramiko.

Nutanix AOS and Prism suffer from an SFTP authentication bypass vulnerability.

*Credits: N/A

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

None

Scope

Unchanged

Confidentiality

High

Integrity

High

Availability

High

Attack Vector

Network

Attack Complexity

Low

Authentication

None

Confidentiality

Partial

Integrity

Partial

Availability

Partial

* Common Vulnerability Scoring System

SSVC

Decision:-

Exploitation

Automatable

Tech. Impact

* Organization's Worst-case Scenario

Timeline

2018-03-07 CVE Reserved
2018-03-13 CVE Published
2018-11-06 First Exploit
2024-06-16 EPSS Updated
2024-08-05 CVE Updated
---------- Exploited in Wild
---------- KEV Due Date

CWE

CWE-287: Improper Authentication

CAPEC

References (21)

URL	Tag	Source
http://www.securityfocus.com/bid/103713	Third Party Advisory
https://github.com/paramiko/paramiko/blob/master/sites/www/changelog.rst	Third Party Advisory
https://github.com/paramiko/paramiko/issues/1175	Issue Tracking
https://lists.debian.org/debian-lts-announce/2018/10/msg00018.html	Mailing List
https://lists.debian.org/debian-lts-announce/2021/12/msg00025.html	Mailing List

URL	Date	SRC
https://www.exploit-db.com/exploits/45712	2024-08-05
https://github.com/jm33-m0/CVE-2018-7750	2018-11-06

URL	Date	SRC
https://github.com/paramiko/paramiko/commit/fa29bd8446c8eab237f5187d28787727b4610516	2022-04-18

URL	Date	SRC
https://access.redhat.com/errata/RHSA-2018:0591	2022-04-18
https://access.redhat.com/errata/RHSA-2018:0646	2022-04-18
https://access.redhat.com/errata/RHSA-2018:1124	2022-04-18
https://access.redhat.com/errata/RHSA-2018:1125	2022-04-18
https://access.redhat.com/errata/RHSA-2018:1213	2022-04-18
https://access.redhat.com/errata/RHSA-2018:1274	2022-04-18
https://access.redhat.com/errata/RHSA-2018:1328	2022-04-18
https://access.redhat.com/errata/RHSA-2018:1525	2022-04-18
https://access.redhat.com/errata/RHSA-2018:1972	2022-04-18
https://usn.ubuntu.com/3603-1	2022-04-18
https://usn.ubuntu.com/3603-2	2022-04-18
https://access.redhat.com/security/cve/CVE-2018-7750	2018-06-25
https://bugzilla.redhat.com/show_bug.cgi?id=1557130	2018-06-25

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Paramiko Search vendor "Paramiko"		Paramiko Search vendor "Paramiko" for product "Paramiko"				< 1.17.6 Search vendor "Paramiko" for product "Paramiko" and version " < 1.17.6"		-		Affected
Paramiko Search vendor "Paramiko"		Paramiko Search vendor "Paramiko" for product "Paramiko"				>= 1.18.0 < 1.18.5 Search vendor "Paramiko" for product "Paramiko" and version " >= 1.18.0 < 1.18.5"		-		Affected
Paramiko Search vendor "Paramiko"		Paramiko Search vendor "Paramiko" for product "Paramiko"				>= 2.0.0 < 2.0.8 Search vendor "Paramiko" for product "Paramiko" and version " >= 2.0.0 < 2.0.8"		-		Affected
Paramiko Search vendor "Paramiko"		Paramiko Search vendor "Paramiko" for product "Paramiko"				>= 2.1.0 < 2.1.5 Search vendor "Paramiko" for product "Paramiko" and version " >= 2.1.0 < 2.1.5"		-		Affected
Paramiko Search vendor "Paramiko"		Paramiko Search vendor "Paramiko" for product "Paramiko"				>= 2.2.0 < 2.2.3 Search vendor "Paramiko" for product "Paramiko" and version " >= 2.2.0 < 2.2.3"		-		Affected
Paramiko Search vendor "Paramiko"		Paramiko Search vendor "Paramiko" for product "Paramiko"				>= 2.3.0 < 2.3.2 Search vendor "Paramiko" for product "Paramiko" and version " >= 2.3.0 < 2.3.2"		-		Affected
Paramiko Search vendor "Paramiko"		Paramiko Search vendor "Paramiko" for product "Paramiko"				2.4.0 Search vendor "Paramiko" for product "Paramiko" and version "2.4.0"		-		Affected
Redhat Search vendor "Redhat"		Ansible Engine Search vendor "Redhat" for product "Ansible Engine"				2.0 Search vendor "Redhat" for product "Ansible Engine" and version "2.0"		-		Affected
Redhat Search vendor "Redhat"		Ansible Engine Search vendor "Redhat" for product "Ansible Engine"				2.4 Search vendor "Redhat" for product "Ansible Engine" and version "2.4"		-		Affected
Redhat Search vendor "Redhat"		Cloudforms Search vendor "Redhat" for product "Cloudforms"				4.5 Search vendor "Redhat" for product "Cloudforms" and version "4.5"		-		Affected
Redhat Search vendor "Redhat"		Cloudforms Search vendor "Redhat" for product "Cloudforms"				4.6 Search vendor "Redhat" for product "Cloudforms" and version "4.6"		-		Affected
Redhat Search vendor "Redhat"		Virtualization Search vendor "Redhat" for product "Virtualization"				4.1 Search vendor "Redhat" for product "Virtualization" and version "4.1"		-		Affected
Redhat Search vendor "Redhat"		Enterprise Linux Desktop Search vendor "Redhat" for product "Enterprise Linux Desktop"				6.0 Search vendor "Redhat" for product "Enterprise Linux Desktop" and version "6.0"		-		Affected
Redhat Search vendor "Redhat"		Enterprise Linux Server Search vendor "Redhat" for product "Enterprise Linux Server"				6.0 Search vendor "Redhat" for product "Enterprise Linux Server" and version "6.0"		-		Affected
Redhat Search vendor "Redhat"		Enterprise Linux Server Search vendor "Redhat" for product "Enterprise Linux Server"				7.0 Search vendor "Redhat" for product "Enterprise Linux Server" and version "7.0"		-		Affected
Redhat Search vendor "Redhat"		Enterprise Linux Server Aus Search vendor "Redhat" for product "Enterprise Linux Server Aus"				6.4 Search vendor "Redhat" for product "Enterprise Linux Server Aus" and version "6.4"		-		Affected
Redhat Search vendor "Redhat"		Enterprise Linux Server Aus Search vendor "Redhat" for product "Enterprise Linux Server Aus"				6.5 Search vendor "Redhat" for product "Enterprise Linux Server Aus" and version "6.5"		-		Affected
Redhat Search vendor "Redhat"		Enterprise Linux Server Aus Search vendor "Redhat" for product "Enterprise Linux Server Aus"				6.6 Search vendor "Redhat" for product "Enterprise Linux Server Aus" and version "6.6"		-		Affected
Redhat Search vendor "Redhat"		Enterprise Linux Server Eus Search vendor "Redhat" for product "Enterprise Linux Server Eus"				6.7 Search vendor "Redhat" for product "Enterprise Linux Server Eus" and version "6.7"		-		Affected
Redhat Search vendor "Redhat"		Enterprise Linux Server Tus Search vendor "Redhat" for product "Enterprise Linux Server Tus"				6.6 Search vendor "Redhat" for product "Enterprise Linux Server Tus" and version "6.6"		-		Affected
Redhat Search vendor "Redhat"		Enterprise Linux Workstation Search vendor "Redhat" for product "Enterprise Linux Workstation"				6.0 Search vendor "Redhat" for product "Enterprise Linux Workstation" and version "6.0"		-		Affected
Debian Search vendor "Debian"		Debian Linux Search vendor "Debian" for product "Debian Linux"				8.0 Search vendor "Debian" for product "Debian Linux" and version "8.0"		-		Affected
Debian Search vendor "Debian"		Debian Linux Search vendor "Debian" for product "Debian Linux"				9.0 Search vendor "Debian" for product "Debian Linux" and version "9.0"		-		Affected