Paramiko version 2.4.1, 2.3.2, 2.2.3, 2.1.5, 2.0.8, 1.18.5, 1.17.6 contains a Incorrect Access Control vulnerability in SSH server that can result in RCE. This attack appear to be exploitable via network connectivity.
https://github.com/paramiko/paramiko/issues/1283
https://usn.ubuntu.com/3796-2/
https://usn.ubuntu.com/3796-1/
https://usn.ubuntu.com/3796-3/
https://lists.debian.org/debian-lts-announce/2018/10/msg00018.html
https://access.redhat.com/errata/RHSA-2018:3406
https://access.redhat.com/errata/RHSA-2018:3347
https://access.redhat.com/errata/RHSA-2018:3505
https://access.redhat.com/errata/RHBA-2018:3497
https://herolab.usd.de/wp-content/uploads/sites/4/usd20180023.txt
https://lists.debian.org/debian-lts-announce/2021/12/msg00025.html
Source: MITRE
Published: 2018-10-08
Updated: 2022-04-06
Type: CWE-863
Base Score: 6.5
Vector: AV:N/AC:L/Au:S/C:P/I:P/A:P
Impact Score: 6.4
Exploitability Score: 8
Severity: MEDIUM
Base Score: 8.8
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Impact Score: 5.9
Exploitability Score: 2.8
Severity: HIGH