What is CVE-2018-15473?

CVE-2018-15473 is a vulnerability in N/a. Published 2018-08-17.

Is CVE-2018-15473 known to be exploited?

199 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.

Vulnerability in N/a

CVE-2018-15473

OpenSSH through 7.7 is prone to a user enumeration vulnerability due to not delaying bailout for an invalid authenticating user until after the packet containing the request has been fully parsed, related to auth2-gss.c, auth2-hostbased.c…

EPSS: 0.904 (99.6th percentile) — read the EPSS interpretation.

Affected products

N/a — versions n/a

Public proof-of-concept exploits

References

GLSA-201810-03 (vendor-advisory)
1041487 (vdb-entry)
45233 (exploit)
bugs.debian.org/906236
45210 (exploit)
security.netapp.com/advisory/ntap-20181101-0001/
github.com/openbsd/src/commit/779974d35b4859c07bc3cb8a12c74b43b0a7d1e0
USN-3809-1 (vendor-advisory)
[debian-lts-announce] 20180821 [SECURITY] [DLA-1474-1] openssh security update (mailing-list)
105140 (vdb-entry)

Frequently asked questions

What is CVE-2018-15473?: CVE-2018-15473 is a vulnerability in N/a. Published 2018-08-17.
Is CVE-2018-15473 known to be exploited?: 199 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.