Lucene search

CVE-2018-7750

🗓️ 13 Mar 2018 18:00:29Reported by [email protected]Type

transport.py in Paramiko SSH server before 2.4.1 does not properly check authentication before processing requests. Allows customized SSH client to skip authentication

5 of 5AI Insights are available for you today

Leverage the power of AI to quickly understand vulnerabilities, impacts, and exploitability

Reporter	Title	Published	Views	Family All 112
Fedora	[SECURITY] Fedora 28 Update: python-paramiko-2.4.1-1.fc28	30 Mar 201813:35	–	fedora
Fedora	[SECURITY] Fedora 27 Update: python-paramiko-2.3.2-1.fc27	1 Apr 201803:30	–	fedora
Fedora	[SECURITY] Fedora 26 Update: python-paramiko-2.2.3-1.fc26	1 Apr 201803:52	–	fedora
Fedora	[SECURITY] Fedora 27 Update: python-paramiko-2.3.3-1.fc27	14 Oct 201823:31	–	fedora
RedhatCVE	CVE-2018-7750	8 Apr 202021:02	–	redhatcve
Tenable Nessus	Ubuntu 14.04 LTS / 16.04 LTS : Paramiko vulnerability (USN-3603-1)	21 Mar 201800:00	–	nessus
Tenable Nessus	RHEL 7 : python-paramiko (RHSA-2018:0646)	11 Apr 201800:00	–	nessus
Tenable Nessus	CentOS 6 : python-paramiko (CESA-2018:1124)	3 May 201800:00	–	nessus
Tenable Nessus	Fedora 26 : python-paramiko (2018-c1769746da)	2 Apr 201800:00	–	nessus
Tenable Nessus	Scientific Linux Security Update : python-paramiko on SL6.x (noarch) (20180412)	16 Apr 201800:00	–	nessus

Nvd

Node

paramiko paramikoRange<1.17.6

paramiko paramikoRange1.18.0–1.18.5

paramiko paramikoRange2.0.0–2.0.8

paramiko paramikoRange2.1.0–2.1.5

paramiko paramikoRange2.2.0–2.2.3

paramiko paramikoRange2.3.0–2.3.2

paramiko paramikoMatch2.4.0

Node

redhat ansible_engineMatch2.0

redhat ansible_engineMatch2.4

redhat cloudformsMatch4.5

redhat cloudformsMatch4.6

redhat virtualizationMatch4.1

redhat enterprise_linux_desktopMatch6.0

redhat enterprise_linux_serverMatch6.0

redhat enterprise_linux_serverMatch7.0

redhat enterprise_linux_server_ausMatch6.4

redhat enterprise_linux_server_ausMatch6.5

redhat enterprise_linux_server_ausMatch6.6

redhat enterprise_linux_server_eusMatch6.7

redhat enterprise_linux_server_tusMatch6.6

redhat enterprise_linux_workstationMatch6.0

Node

debian debian_linuxMatch8.0

debian debian_linuxMatch9.0

Source	Link
access	www.access.redhat.com/errata/RHSA-2018:1972
access	www.access.redhat.com/errata/RHSA-2018:1213
github	www.github.com/paramiko/paramiko/blob/master/sites/www/changelog.rst
usn	www.usn.ubuntu.com/3603-1/
usn	www.usn.ubuntu.com/3603-2/
access	www.access.redhat.com/errata/RHSA-2018:0646
access	www.access.redhat.com/errata/RHSA-2018:0591
github	www.github.com/paramiko/paramiko/commit/fa29bd8446c8eab237f5187d28787727b4610516
github	www.github.com/paramiko/paramiko/issues/1175
lists	www.lists.debian.org/debian-lts-announce/2021/12/msg00025.html

Transform Your Security Services

Elevate your offerings with Vulners' advanced Vulnerability Intelligence. Contact us for a demo and discover the difference comprehensive, actionable intelligence can make in your security strategy.

Book a live demo

13 Mar 2018 18:29Current

9.7High risk

Vulners AI Score9.7

CVSS27.5

CVSS39.8

EPSS0.26481

CWE-287