CVE-2018-7750
CRITICAL
Paramiko <2.4.1 - RCE
Title source: llm
Description
transport.py in the SSH server implementation of Paramiko before 1.17.6, 1.18.x before 1.18.5, 2.0.x before 2.0.8, 2.1.x before 2.1.5, 2.2.x before 2.2.3, 2.3.x before 2.3.2, and 2.4.x before 2.4.1 does not properly check whether authentication is completed before processing other requests, as demonstrated by channel-open. A customized SSH client can simply skip the authentication step.
Exploits (3)
References (18)
Scores
CVSS v3
9.8
EPSS
0.1383
EPSS Percentile
94.3%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Details
CWE
CWE-287
Status
published
Products (19)
debian/debian_linux
8.0
debian/debian_linux
9.0
paramiko/paramiko
2.4.0
paramiko/paramiko
< 1.17.6
pypi/paramiko
2.0.0 - 2.0.8 (PyPI)
redhat/ansible_engine
2.0
redhat/ansible_engine
2.4
redhat/cloudforms
4.5
redhat/cloudforms
4.6
redhat/enterprise_linux_desktop
6.0
... and 9 more
Published
Mar 13, 2018
Tracked Since
Feb 18, 2026