What is CVE-2018-7750?

CVE-2018-7750 is a critical-severity vulnerability in Paramiko, classified under Improper Authentication. CVSS score: 9.8/10. Published 2018-03-13.

How severe is CVE-2018-7750?

Critical severity. CVSS v3 base score is 9.8 out of 10.

Is CVE-2018-7750 known to be exploited?

11 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.

Auth bypass in Paramiko

CVE-2018-7750

transport.py in the SSH server implementation of Paramiko before 1.17.6, 1.18.x before 1.18.5, 2.0.x before 2.0.8, 2.1.x before 2.1.5, 2.2.x before 2.2.3, 2.3.x before 2.3.2, and 2.4.x before 2.4.1 does not properly check whether authentic…

Vulnerability class: Broken Authentication

EPSS: 0.271 (97.8th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 9.8 (Critical). Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H.

Affected products

Paramiko — versions 2.4.0
Debian Debian_linux — versions 8.0, 9.0
Redhat Ansible_engine — versions 2.0, 2.4
Redhat Cloudforms — versions 4.5, 4.6
Redhat Enterprise_linux_desktop — versions 6.0
Redhat Enterprise_linux_server — versions 6.0, 7.0
Redhat Enterprise_linux_server_aus — versions 6.4, 6.5, 6.6
Redhat Enterprise_linux_server_eus — versions 6.7
Redhat Enterprise_linux_server_tus — versions 6.6
Redhat Enterprise_linux_workstation — versions 6.0

Weakness classification (CWE)

CWE-287 — Improper Authentication

Public proof-of-concept exploits

References

cve@mitre.org (x_refsource_REDHAT, vendor-advisory, Third Party Advisory)
cve@mitre.org (Exploit, VDB Entry, Third Party Advisory, exploit, x_refsource_EXPLOIT-DB)
cve@mitre.org (x_refsource_CONFIRM, Third Party Advisory, Issue Tracking)
cve@mitre.org (x_refsource_REDHAT, vendor-advisory, Third Party Advisory)
cve@mitre.org (x_refsource_REDHAT, vendor-advisory, Third Party Advisory)
cve@mitre.org (x_refsource_REDHAT, vendor-advisory, Third Party Advisory)
cve@mitre.org (mailing-list, x_refsource_MLIST, Mailing List, Third Party Advisory)
cve@mitre.org (x_refsource_UBUNTU, vendor-advisory, Third Party Advisory)
cve@mitre.org (x_refsource_REDHAT, vendor-advisory, Third Party Advisory)
cve@mitre.org (x_refsource_REDHAT, vendor-advisory, Third Party Advisory)

Frequently asked questions

What is CVE-2018-7750?: CVE-2018-7750 is a critical-severity vulnerability in Paramiko, classified under Improper Authentication. CVSS score: 9.8/10. Published 2018-03-13.
How severe is CVE-2018-7750?: Critical severity. CVSS v3 base score is 9.8 out of 10.
Is CVE-2018-7750 known to be exploited?: 11 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.