CVE-2018-7750

CRITICAL

Paramiko <2.4.1 - Authentication Bypass (server-side; code execution depends on the target's channel handlers)

Title source: llm

Exploitation Summary

EIP tracks 3 public exploits for CVE-2018-7750. PoCs published by Adam Brown, jm33-m0, tlavi00.

AI-analyzed exploit summary: This PoC exploits an authentication bypass in Paramiko's SSH server transport by skipping the userauth step entirely and opening a session channel with an SFTP subsystem request, then listing the root directory. It demonstrates that vulnerable versions dispatch channel-open and channel requests before checking that authentication has completed, so whatever the server's channel handlers expose is reachable without credentials.

Description

transport.py in the SSH server implementation of Paramiko before 1.17.6, 1.18.x before 1.18.5, 2.0.x before 2.0.8, 2.1.x before 2.1.5, 2.2.x before 2.2.3, 2.3.x before 2.3.2, and 2.4.x before 2.4.1 does not properly check whether authentication is completed before processing other requests, as demonstrated by channel-open. A customized SSH client can simply skip the authentication step.
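The following is an added example, not code from Paramiko or from any of the PoCs listed on this page. It models the server-side dispatcher the description refers to: a handler table keyed by SSH message type, and the one check that has to sit in front of it. The class, method and field names are hypothetical; only the message numbers are the real RFC 4252/4253/4254 values. `run_client()` replays the flow the PoCs use (no USERAUTH_REQUEST at all, straight to CHANNEL_OPEN and a `subsystem sftp` request), so the same code shows both the bypass and why the fix belongs in the dispatcher rather than in each handler.

```python
# Added example, not Paramiko's code: a model of the authentication gate that the
# CVE description says is missing from the server-side transport. Class, method
# and field names are hypothetical; only the message numbers are real SSH values
# (RFC 4252 userauth, RFC 4253 transport, RFC 4254 connection protocol).

MSG_DISCONNECT = 1
MSG_SERVICE_REQUEST = 5
MSG_SERVICE_ACCEPT = 6
MSG_USERAUTH_REQUEST = 50
MSG_USERAUTH_FAILURE = 51
MSG_USERAUTH_SUCCESS = 52
MSG_CHANNEL_OPEN = 90
MSG_CHANNEL_OPEN_CONFIRMATION = 91
MSG_CHANNEL_REQUEST = 98
MSG_CHANNEL_SUCCESS = 99
MSG_CHANNEL_FAILURE = 100

# Connection-protocol messages are only meaningful after USERAUTH_SUCCESS.
POST_AUTH_ONLY = {MSG_CHANNEL_OPEN, MSG_CHANNEL_REQUEST}


class ServerTransport:
    """Hypothetical server transport: an auth flag, a handler table keyed by
    message type, and one dispatcher. enforce_auth=False reproduces the bug."""

    def __init__(self, password, enforce_auth=True):
        self._password = password
        self.enforce_auth = enforce_auth
        self.authenticated = False
        self.disconnected = False
        self.channels = []      # sender channel ids we have confirmed
        self.subsystems = []    # subsystems started on those channels
        self._handlers = {
            MSG_SERVICE_REQUEST: self._service_request,
            MSG_USERAUTH_REQUEST: self._userauth,
            MSG_CHANNEL_OPEN: self._channel_open,
            MSG_CHANNEL_REQUEST: self._channel_request,
        }

    def handle(self, ptype, payload):
        """Dispatch one inbound packet and return the reply message type."""
        if self.disconnected:
            return MSG_DISCONNECT
        if self.enforce_auth and ptype in POST_AUTH_ONLY and not self.authenticated:
            # The gate vulnerable versions lack: a post-auth message before
            # authentication is a protocol violation, so drop the connection
            # here instead of trusting each handler to notice.
            self.disconnected = True
            return MSG_DISCONNECT
        return self._handlers[ptype](payload)

    # None of the handlers re-check self.authenticated, so the check in
    # handle() is all that separates an unauthenticated peer from a session.
    def _service_request(self, payload):
        return MSG_SERVICE_ACCEPT

    def _userauth(self, payload):
        if payload.get("password") == self._password:
            self.authenticated = True
            return MSG_USERAUTH_SUCCESS
        return MSG_USERAUTH_FAILURE

    def _channel_open(self, payload):
        self.channels.append(payload["sender_channel"])
        return MSG_CHANNEL_OPEN_CONFIRMATION

    def _channel_request(self, payload):
        if payload["recipient_channel"] not in self.channels:
            return MSG_CHANNEL_FAILURE
        if payload["request"] == "subsystem":
            self.subsystems.append(payload["name"])
        return MSG_CHANNEL_SUCCESS


def run_client(server, password=None):
    """Replay the PoC flow from this page. With password=None the client never
    sends USERAUTH_REQUEST: SERVICE_REQUEST, then CHANNEL_OPEN for a session,
    then a 'subsystem sftp' request. Returns the server's replies in order."""
    replies = [server.handle(MSG_SERVICE_REQUEST, {"service": "ssh-userauth"})]
    if password is not None:
        replies.append(server.handle(MSG_USERAUTH_REQUEST,
                                     {"user": "root", "password": password}))
    replies.append(server.handle(MSG_CHANNEL_OPEN,
                                 {"kind": "session", "sender_channel": 0}))
    if replies[-1] == MSG_CHANNEL_OPEN_CONFIRMATION:
        replies.append(server.handle(MSG_CHANNEL_REQUEST,
                                     {"recipient_channel": 0,
                                      "request": "subsystem", "name": "sftp"}))
    return replies


if __name__ == "__main__":
    for label, srv, pw in (("vulnerable, no auth", ServerTransport("s3cret", False), None),
                           ("hardened, no auth", ServerTransport("s3cret"), None),
                           ("hardened, good pw", ServerTransport("s3cret"), "s3cret")):
        print(f"{label:20} replies={run_client(srv, pw)} subsystems={srv.subsystems}")
```

With `enforce_auth=False` the unauthenticated client receives CHANNEL_OPEN_CONFIRMATION and CHANNEL_SUCCESS and the SFTP subsystem is started with `authenticated` still False; with the gate on, the first post-auth message is answered with DISCONNECT. The practical caveat for anyone running a custom Paramiko-based server: `ServerInterface` callbacks such as `check_channel_request` or `check_channel_exec_request` are not an authentication boundary, because on an unpatched transport they are invoked before any authentication has happened; the only reliable fix is upgrading to a release that carries the transport-level check.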

Exploits (3)

exploitdb WORKING POC
by Adam Brown · python · remote · linux
https://www.exploit-db.com/exploits/45712

This PoC exploits an authentication bypass vulnerability in Paramiko by skipping the authentication step and directly opening an SFTP channel to list the root directory. It demonstrates the flaw where Paramiko fails to enforce authentication before allowing channel operations.

Classification
Working Poc 100%
Attack Type
Auth Bypass
Complexity
Trivial
Reliability
Reliable
Target: Paramiko < 1.17.6, 1.18.x < 1.18.5, 2.0.x < 2.0.8, 2.1.x < 2.1.5, 2.2.x < 2.2.3, 2.3.x < 2.3.2, and 2.4.x < 2.4.1
No auth needed
Prerequisites: Network access to the target SFTP server · Paramiko library installed on the attacker's machine
devstral-2 · analyzed Feb 16, 2026
nomisec WORKING POC 21 stars
by jm33-m0 · poc
https://github.com/jm33-m0/CVE-2018-7750

This repository contains a PoC for CVE-2018-7750 against Paramiko SSH servers that lack the authentication check added in 2.4.1 and its branch backports. The underlying flaw is an authentication bypass, not a separate code-execution bug: the server transport processes channel-open and channel requests before user authentication has completed, so whatever the target's own channel handlers expose (an exec or shell handler, an SFTP subsystem) becomes reachable without credentials. Whether the bypass yields arbitrary command execution therefore depends on the handlers the target server implements.

Classification
Working Poc 95%
Attack Type
Rce
Complexity
Trivial
Reliability
Reliable
Target: Paramiko < 2.4.1
No auth needed
Prerequisites: Network access to a vulnerable Paramiko SSH server · Python environment with Paramiko library
devstral-2 · analyzed Feb 16, 2026
nomisec WORKING POC
by tlavi00 · poc
https://github.com/tlavi00/CVE-2018-7750

This PoC exploits an authentication bypass vulnerability in Paramiko (CVE-2018-7750) by skipping the authentication step and directly opening an SFTP channel to list the root directory. It demonstrates the flaw where Paramiko fails to enforce authentication before allowing channel operations.

Classification
Working Poc 100%
Attack Type
Auth Bypass
Complexity
Trivial
Reliability
Reliable
Target: Paramiko < 1.17.6, 1.18.x < 1.18.5, 2.0.x < 2.0.8, 2.1.x < 2.1.5, 2.2.x < 2.2.3, 2.3.x < 2.3.2, and 2.4.x < 2.4.1
No auth needed
Prerequisites: Network access to a vulnerable Paramiko server · SFTP service running on the target
devstral-2 · analyzed Feb 16, 2026

References (18)

Core References
Third Party Advisory, Vendor Advisory (Red Hat): https://access.redhat.com/errata/RHSA-2018:1124
Exploit, Third Party Advisory, VDB Entry (Exploit-DB): https://www.exploit-db.com/exploits/45712/
Issue Tracking, Third Party Advisory (vendor confirmation): https://github.com/paramiko/paramiko/issues/1175
Third Party Advisory, Vendor Advisory (Red Hat): https://access.redhat.com/errata/RHSA-2018:1125
Third Party Advisory, Vendor Advisory (Red Hat): https://access.redhat.com/errata/RHSA-2018:1972
Third Party Advisory, Vendor Advisory (Red Hat): https://access.redhat.com/errata/RHSA-2018:1274
Mailing List, Third Party Advisory (Debian LTS): https://lists.debian.org/debian-lts-announce/2018/10/msg00018.html
Third Party Advisory, Vendor Advisory (Ubuntu): https://usn.ubuntu.com/3603-2/
Third Party Advisory, Vendor Advisory (Red Hat): https://access.redhat.com/errata/RHSA-2018:0646
Third Party Advisory, Vendor Advisory (Red Hat): https://access.redhat.com/errata/RHSA-2018:1213
Third Party Advisory, Vendor Advisory (Ubuntu): https://usn.ubuntu.com/3603-1/
Third Party Advisory, Vendor Advisory (Red Hat): https://access.redhat.com/errata/RHSA-2018:1525
Third Party Advisory, Vendor Advisory (Red Hat): https://access.redhat.com/errata/RHSA-2018:1328
Third Party Advisory, Vendor Advisory (Red Hat): https://access.redhat.com/errata/RHSA-2018:0591
Third Party Advisory, VDB Entry (SecurityFocus BID): http://www.securityfocus.com/bid/103713
Mailing List, Third Party Advisory (Debian LTS): https://lists.debian.org/debian-lts-announce/2021/12/msg00025.html

Scores

CVSS v3 9.8
EPSS 0.1769
EPSS Percentile 95.3%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Details

CWE
CWE-287
Status published
Products (25)
debian/debian_linux 8.0
debian/debian_linux 9.0
paramiko/paramiko 2.4.0
paramiko/paramiko < 1.17.6
pypi/paramiko 0 - 1.17.6 (PyPI)
pypi/paramiko 1.18.0 - 1.18.5 (PyPI)
pypi/paramiko 2.0.0 - 2.0.8 (PyPI)
pypi/paramiko 2.1.0 - 2.1.5 (PyPI)
pypi/paramiko 2.2.0 - 2.2.3 (PyPI)
pypi/paramiko 2.3.0 - 2.3.2 (PyPI)
... and 15 more
Published Mar 13, 2018
Tracked Since Feb 18, 2026
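The affected ranges above are per branch, because the fix was backported to each maintained series rather than landing only in 2.4.1. The added check below (not part of the page, the CVE record, or Paramiko) encodes those branch-specific first-fixed releases so an installed version can be classified correctly; a flat "< 2.4.1" test, which is how one of the exploit entries above states its target, would wrongly flag patched releases such as 2.0.8 or 2.2.3. `FIRST_FIXED` is taken from the CVE description; the version parser is a deliberately simple assumption that drops pre-release and dev suffixes, not a PEP 440 implementation.

```python
# Added example: classify a Paramiko version against the CVE-2018-7750 ranges.
# Not Paramiko's code. FIRST_FIXED comes from the CVE description; the parser
# below is an assumption (suffixes such as 'rc1' or '.dev0' are ignored).
import re

# Lowest fixed release on each maintained branch named in the CVE description.
FIRST_FIXED = {
    (1, 17): (1, 17, 6),
    (1, 18): (1, 18, 5),
    (2, 0): (2, 0, 8),
    (2, 1): (2, 1, 5),
    (2, 2): (2, 2, 3),
    (2, 3): (2, 3, 2),
    (2, 4): (2, 4, 1),
}
OLDEST_FIXED_BRANCH = min(FIRST_FIXED)   # (1, 17)
NEWEST_FIXED_BRANCH = max(FIRST_FIXED)   # (2, 4)


def parse_version(text):
    """Return (major, minor, patch) from strings like '2.4.0', '1.17' or 'v2.0.8'.
    Anything after the numeric prefix is dropped (assumption, see above)."""
    m = re.match(r"^\s*v?(\d+)(?:\.(\d+))?(?:\.(\d+))?", text)
    if not m:
        raise ValueError(f"unparseable version: {text!r}")
    major, minor, patch = (int(g) if g else 0 for g in m.groups())
    return (major, minor, patch)


def is_affected(version):
    """True if `version` falls inside a CVE-2018-7750 affected range."""
    v = parse_version(version)
    branch = v[:2]
    if branch in FIRST_FIXED:
        return v < FIRST_FIXED[branch]      # e.g. 2.0.7 affected, 2.0.8 fixed
    if branch < OLDEST_FIXED_BRANCH:
        return True                         # "before 1.17.6" covers all older releases
    if branch > NEWEST_FIXED_BRANCH:
        return False                        # branches created after the fix
    # A branch between the listed ones with no backport: treat as affected
    # rather than silently passing it.
    return True


def check_installed():
    """Return (version, affected) for the Paramiko in this interpreter, or None
    if it is not installed. Safe to call on a host without Paramiko."""
    try:
        import paramiko
    except ImportError:
        return None
    return (paramiko.__version__, is_affected(paramiko.__version__))


if __name__ == "__main__":
    for sample in ("1.16.0", "1.17.5", "1.17.6", "2.0.8", "2.1.0", "2.4.0", "2.4.1", "2.7.2"):
        print(f"{sample:8} affected={is_affected(sample)}")
    print("installed:", check_installed())
```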