What is CVE-2018-10933?

CVE-2018-10933 is a critical-severity vulnerability in [Unknown] Libssh, classified under CWE-592. CVSS score: 9.1/10. Published 2018-10-17.

How severe is CVE-2018-10933?

Critical severity. CVSS v3 base score is 9.1 out of 10.

Is CVE-2018-10933 known to be exploited?

138 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.

Vulnerability in [Unknown] Libssh

CVE-2018-10933

A vulnerability was found in libssh's server-side state machine before versions 0.7.6 and 0.8.4. A malicious client could create channels without first performing authentication, resulting in unauthorized access.

EPSS: 0.783 (99.0th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 9.1 (Critical). Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N.

Affected products

[Unknown] Libssh — versions 0.7.6, 0.8.4

Weakness classification (CWE)

CWE-592

Public proof-of-concept exploits

References

USN-3795-1 (x_refsource_UBUNTU, vendor-advisory)
www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html (x_refsource_CONFIRM)
USN-3795-2 (x_refsource_UBUNTU, vendor-advisory)
DSA-4322 (vendor-advisory, x_refsource_DEBIAN)
45638 (exploit, x_refsource_EXPLOIT-DB)
www.libssh.org/security/advisories/CVE-2018-10933.txt (x_refsource_CONFIRM)
bugzilla.redhat.com/show_bug.cgi (x_refsource_CONFIRM)
105677 (vdb-entry, x_refsource_BID)
[debian-lts-announce] 20181018 [SECURITY] [DLA 1548-1] libssh security update (mailing-list, x_refsource_MLIST)
psirt.global.sonicwall.com/vuln-detail/SNWLID-2018-0016 (x_refsource_CONFIRM)

Frequently asked questions

What is CVE-2018-10933?: CVE-2018-10933 is a critical-severity vulnerability in [Unknown] Libssh, classified under CWE-592. CVSS score: 9.1/10. Published 2018-10-17.
How severe is CVE-2018-10933?: Critical severity. CVSS v3 base score is 9.1 out of 10.
Is CVE-2018-10933 known to be exploited?: 138 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.