CVE-2018-1000805

Paramiko versions 2.4.1, 2.3.2, 2.2.3, 2.1.5, 2.0.8, 1.18.5, and 1.17.6 contain an Incorrect Access Control vulnerability in the SSH server that can result in RCE. This attack appears to be exploitable via network connectivity.

Published : 2018-10-08 15:29 Updated : 2019-10-03 00:03

CVSS Score: 6.5 / 10
Vendor Product Version URI
Paramiko Paramiko 1.17.6 cpe:/a:paramiko:paramiko:1.17.6
Paramiko Paramiko 1.18.5 cpe:/a:paramiko:paramiko:1.18.5
Paramiko Paramiko 2.0.8 cpe:/a:paramiko:paramiko:2.0.8
Paramiko Paramiko 2.1.5 cpe:/a:paramiko:paramiko:2.1.5
Paramiko Paramiko 2.2.3 cpe:/a:paramiko:paramiko:2.2.3
Paramiko Paramiko 2.3.2 cpe:/a:paramiko:paramiko:2.3.2
Paramiko Paramiko 2.4.1 cpe:/a:paramiko:paramiko:2.4.1
Canonical Ubuntu Linux 12.04 cpe:/o:canonical:ubuntu_linux:12.04::~~esm~~~
Canonical Ubuntu Linux 14.04 cpe:/o:canonical:ubuntu_linux:14.04::~~lts~~~
Canonical Ubuntu Linux 16.04 cpe:/o:canonical:ubuntu_linux:16.04::~~lts~~~
Canonical Ubuntu Linux 18.04 cpe:/o:canonical:ubuntu_linux:18.04::~~lts~~~
Canonical Ubuntu Linux 18.10 cpe:/o:canonical:ubuntu_linux:18.10
Debian Debian Linux 8.0 cpe:/o:debian:debian_linux:8.0
Redhat Enterprise Linux Desktop 6.0 cpe:/o:redhat:enterprise_linux_desktop:6.0
Redhat Enterprise Linux Desktop 7.0 cpe:/o:redhat:enterprise_linux_desktop:7.0
Redhat Enterprise Linux Server 6.0 cpe:/o:redhat:enterprise_linux_server:6.0
Redhat Enterprise Linux Server 7.0 cpe:/o:redhat:enterprise_linux_server:7.0
Redhat Enterprise Linux Server Aus 6.4 cpe:/o:redhat:enterprise_linux_server_aus:6.4
Redhat Enterprise Linux Server Aus 6.5 cpe:/o:redhat:enterprise_linux_server_aus:6.5
Redhat Enterprise Linux Server Aus 6.6 cpe:/o:redhat:enterprise_linux_server_aus:6.6
Redhat Enterprise Linux Server Aus 7.6 cpe:/o:redhat:enterprise_linux_server_aus:7.6
Redhat Enterprise Linux Server Eus 6.7 cpe:/o:redhat:enterprise_linux_server_eus:6.7
Redhat Enterprise Linux Server Eus 7.6 cpe:/o:redhat:enterprise_linux_server_eus:7.6
Redhat Enterprise Linux Server Tus 6.6 cpe:/o:redhat:enterprise_linux_server_tus:6.6
Redhat Enterprise Linux Server Tus 7.6 cpe:/o:redhat:enterprise_linux_server_tus:7.6
Redhat Enterprise Linux Workstation 6.0 cpe:/o:redhat:enterprise_linux_workstation:6.0
Redhat Enterprise Linux Workstation 7.0 cpe:/o:redhat:enterprise_linux_workstation:7.0
Redhat Ansible Tower 3.3 cpe:/a:redhat:ansible_tower:3.3
Redhat Virtualization Host 4.0 cpe:/a:redhat:virtualization_host:4.0
Redhat Virtualization 4.0 cpe:/o:redhat:virtualization:4.0

CWE

ID Name Description
CWE-732 Incorrect Permission Assignment for Critical Resource The software specifies permissions for a security-critical resource in a way that allows that resource to be read or modified by unintended actors.

History of changes

Date Event
2019-10-03 00:03
2019-04-16 20:53
2019-03-21 16:00
2019-01-08 16:26
2018-12-14 11:29
2018-11-07 11:29
2018-10-31 10:30
2018-10-29 12:29
2018-10-23 10:29
2018-10-18 10:29
2018-10-08 15:29 New CVE