CVE-2018-1000805

HIGH

Paramiko 2.4.1 2.3.2 2.2.3 2.1.5 2.0.8 1.18.5 1.17.6 - Remote Code Execution via SSH Server Incorrect Access Control

Title source: llm
STIX 2.1

Description

Paramiko version 2.4.1, 2.3.2, 2.2.3, 2.1.5, 2.0.8, 1.18.5, 1.17.6 contains a Incorrect Access Control vulnerability in SSH server that can result in RCE. This attack appear to be exploitable via network connectivity.

References (11)

Core 11
Core References
Third Party Advisory vendor-advisory x_refsource_redhat
https://access.redhat.com/errata/RHSA-2018:3347
Third Party Advisory vendor-advisory x_refsource_redhat
https://access.redhat.com/errata/RHSA-2018:3406
Patch, Third Party Advisory x_refsource_confirm
https://github.com/paramiko/paramiko/issues/1283
Third Party Advisory vendor-advisory x_refsource_ubuntu
https://usn.ubuntu.com/3796-3/
Third Party Advisory vendor-advisory x_refsource_redhat
https://access.redhat.com/errata/RHSA-2018:3505
Mailing List, Third Party Advisory mailing-list x_refsource_mlist
https://lists.debian.org/debian-lts-announce/2018/10/msg00018.html
Third Party Advisory vendor-advisory x_refsource_redhat
https://access.redhat.com/errata/RHBA-2018:3497
Third Party Advisory vendor-advisory x_refsource_ubuntu
https://usn.ubuntu.com/3796-2/
Third Party Advisory vendor-advisory x_refsource_ubuntu
https://usn.ubuntu.com/3796-1/
Mailing List, Third Party Advisory mailing-list x_refsource_mlist
https://lists.debian.org/debian-lts-announce/2021/12/msg00025.html

Scores

CVSS v3 8.8
EPSS 0.0078
EPSS Percentile 73.9%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Details

CWE
CWE-863
Status published
Products (31)
canonical/ubuntu_linux 12.04
canonical/ubuntu_linux 14.04
canonical/ubuntu_linux 16.04
canonical/ubuntu_linux 18.04
canonical/ubuntu_linux 18.10
debian/debian_linux 8.0
debian/debian_linux 9.0
paramiko/paramiko 1.17.6
paramiko/paramiko 1.18.5
paramiko/paramiko 2.0.8
... and 21 more
Published Oct 08, 2018
Tracked Since Feb 18, 2026