CVE-2018-10933

A vulnerability was found in libssh's server-side state machine before versions 0.7.6 and 0.8.4. A malicious client could create channels without first performing authentication, resulting in unauthorized access.

Published: 2018-10-17 12:29
Updated: 2019-10-09 23:33

CVSS Score: 6.4 / 10
Vendor Product Version URI
Libssh Libssh 0.6.0 cpe:/a:libssh:libssh:0.6.0
Libssh Libssh 0.6.1 cpe:/a:libssh:libssh:0.6.1
Libssh Libssh 0.6.2 cpe:/a:libssh:libssh:0.6.2
Libssh Libssh 0.6.3 cpe:/a:libssh:libssh:0.6.3
Libssh Libssh 0.6.4 cpe:/a:libssh:libssh:0.6.4
Libssh Libssh 0.7.2 cpe:/a:libssh:libssh:0.7.2
Canonical Ubuntu Linux 14.04 cpe:/o:canonical:ubuntu_linux:14.04::~~lts~~~
Canonical Ubuntu Linux 16.04 cpe:/o:canonical:ubuntu_linux:16.04::~~lts~~~
Canonical Ubuntu Linux 18.04 cpe:/o:canonical:ubuntu_linux:18.04::~~lts~~~
Debian Debian Linux 9.0 cpe:/o:debian:debian_linux:9.0
Libssh Libssh 0.6.5 cpe:/a:libssh:libssh:0.6.5
Libssh Libssh 0.7.0 cpe:/a:libssh:libssh:0.7.0
Libssh Libssh 0.7.1 cpe:/a:libssh:libssh:0.7.1
Libssh Libssh 0.7.3 cpe:/a:libssh:libssh:0.7.3
Libssh Libssh 0.7.4 cpe:/a:libssh:libssh:0.7.4
Libssh Libssh 0.7.5 cpe:/a:libssh:libssh:0.7.5
Libssh Libssh 0.8.0 cpe:/a:libssh:libssh:0.8.0
Libssh Libssh 0.8.1 cpe:/a:libssh:libssh:0.8.1
Libssh Libssh 0.8.2 cpe:/a:libssh:libssh:0.8.2
Libssh Libssh 0.8.3 cpe:/a:libssh:libssh:0.8.3
Netapp Oncommand Workflow Automation - cpe:/a:netapp:oncommand_workflow_automation:-
Netapp Snapcenter - cpe:/a:netapp:snapcenter:-
Netapp Storage Automation Store - cpe:/a:netapp:storage_automation_store:-
Oracle Mysql Workbench 8.0.13 cpe:/a:oracle:mysql_workbench:8.0.13
Canonical Ubuntu Linux 18.10 cpe:/o:canonical:ubuntu_linux:18.10
Debian Debian Linux 8.0 cpe:/o:debian:debian_linux:8.0
Redhat Enterprise Linux 7.0 cpe:/o:redhat:enterprise_linux:7.0

CWE

ID Name Description Links
CWE-287 Improper Authentication When an actor claims to have a given identity, the software does not prove or insufficiently proves that the claim is correct. CVE

History of changes

Date Event
2019-04-25 13:41
2019-01-19 11:29
2019-01-16 19:29
2018-10-23 10:29
2018-10-20 10:29
2018-10-19 10:29
2018-10-18 13:37
2018-10-18 10:29
2018-10-17 12:29 New CVE