CVE-2018-1000805

high

Description

Paramiko versions 2.4.1, 2.3.2, 2.2.3, 2.1.5, 2.0.8, 1.18.5, 1.17.6 contain an Incorrect Access Control vulnerability in the SSH server that can result in RCE. This attack appears to be exploitable via network connectivity.

References

https://access.redhat.com/errata/RHBA-2018:3497

https://access.redhat.com/errata/RHSA-2018:3347

https://access.redhat.com/errata/RHSA-2018:3406

https://access.redhat.com/errata/RHSA-2018:3505

https://github.com/paramiko/paramiko/issues/1283

https://herolab.usd.de/wp-content/uploads/sites/4/usd20180023.txt

https://lists.debian.org/debian-lts-announce/2018/10/msg00018.html

https://usn.ubuntu.com/3796-1/

https://usn.ubuntu.com/3796-2/

https://usn.ubuntu.com/3796-3/

Details

Source: MITRE

Published: 2018-10-08

Updated: 2020-10-15

Type: CWE-732

Risk Information

CVSS v2

Base Score: 6.5

Vector: AV:N/AC:L/Au:S/C:P/I:P/A:P

Impact Score: 6.4

Exploitability Score: 8

Severity: MEDIUM

CVSS v3

Base Score: 8.8

Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Impact Score: 5.9

Exploitability Score: 2.8

Severity: HIGH

Vulnerable Software

Configuration 1

OR

cpe:2.3:a:paramiko:paramiko:1.17.6:*:*:*:*:*:*:*

cpe:2.3:a:paramiko:paramiko:1.18.5:*:*:*:*:*:*:*

cpe:2.3:a:paramiko:paramiko:2.0.8:*:*:*:*:*:*:*

cpe:2.3:a:paramiko:paramiko:2.1.5:*:*:*:*:*:*:*

cpe:2.3:a:paramiko:paramiko:2.2.3:*:*:*:*:*:*:*

cpe:2.3:a:paramiko:paramiko:2.3.2:*:*:*:*:*:*:*

cpe:2.3:a:paramiko:paramiko:2.4.1:*:*:*:*:*:*:*

Configuration 2

OR

cpe:2.3:a:redhat:ansible_tower:3.3:*:*:*:*:*:*:*

cpe:2.3:a:redhat:virtualization_host:4.0:*:*:*:*:*:*:*

cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:*:*:*:*:*:*:*

cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*

cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:*

cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*

cpe:2.3:o:redhat:enterprise_linux_server_aus:6.4:*:*:*:*:*:*:*

cpe:2.3:o:redhat:enterprise_linux_server_aus:6.5:*:*:*:*:*:*:*

cpe:2.3:o:redhat:enterprise_linux_server_aus:6.6:*:*:*:*:*:*:*

cpe:2.3:o:redhat:enterprise_linux_server_aus:7.6:*:*:*:*:*:*:*

cpe:2.3:o:redhat:enterprise_linux_server_eus:6.7:*:*:*:*:*:*:*

cpe:2.3:o:redhat:enterprise_linux_server_eus:7.6:*:*:*:*:*:*:*

cpe:2.3:o:redhat:enterprise_linux_server_tus:6.6:*:*:*:*:*:*:*

cpe:2.3:o:redhat:enterprise_linux_server_tus:7.6:*:*:*:*:*:*:*

cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:*:*:*:*:*:*:*

cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*

Configuration 3

OR

cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*

Configuration 4

OR

cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:esm:*:*:*

cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*

cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*

cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*

cpe:2.3:o:canonical:ubuntu_linux:18.10:*:*:*:*:*:*:*

Tenable Plugins

| ID | Name | Product | Family | Severity |
|---|---|---|---|---|
| 148607 | EulerOS Virtualization 2.9.1 : python-paramiko (EulerOS-SA-2021-1734) | Nessus | Huawei Local Security Checks | high |
| 148593 | EulerOS Virtualization 2.9.0 : python-paramiko (EulerOS-SA-2021-1761) | Nessus | Huawei Local Security Checks | high |
| 146258 | EulerOS 2.0 SP9 : python-paramiko (EulerOS-SA-2021-1272) | Nessus | Huawei Local Security Checks | high |
| 146255 | EulerOS 2.0 SP9 : python-paramiko (EulerOS-SA-2021-1253) | Nessus | Huawei Local Security Checks | high |
| 137810 | EulerOS Virtualization for ARM 64 3.0.6.0 : python-paramiko (EulerOS-SA-2020-1703) | Nessus | Huawei Local Security Checks | high |
| 136866 | EulerOS 2.0 SP8 : python-paramiko (EulerOS-SA-2020-1588) | Nessus | Huawei Local Security Checks | high |
| 127417 | NewStart CGSL MAIN 4.05 : python-paramiko Vulnerability (NS-SA-2019-0147) | Nessus | NewStart CGSL Local Security Checks | high |
| 124907 | EulerOS Virtualization for ARM 64 3.0.1.0 : python-paramiko (EulerOS-SA-2019-1404) | Nessus | Huawei Local Security Checks | high |
| 124625 | EulerOS 2.0 SP5 : python-paramiko (EulerOS-SA-2019-1339) | Nessus | Huawei Local Security Checks | high |
| 122902 | Photon OS 1.0: Paramiko PHSA-2019-1.0-0205 | Nessus | PhotonOS Local Security Checks | critical |
| 121589 | openSUSE Security Update : python-paramiko (openSUSE-2019-129) | Nessus | SuSE Local Security Checks | high |
| 120878 | Fedora 29 : python-paramiko (2018-ea6b328afd) | Nessus | Fedora Local Security Checks | high |
| 120374 | Fedora 28 : python-paramiko (2018-3ff1cb628b) | Nessus | Fedora Local Security Checks | high |
| 119932 | EulerOS 2.0 SP2 : python-paramiko (EulerOS-SA-2018-1443) | Nessus | Huawei Local Security Checks | high |
| 119197 | Scientific Linux Security Update : python-paramiko on SL7.x (noarch) (20181030) | Nessus | Scientific Linux Local Security Checks | high |
| 119090 | Virtuozzo 6 : python-paramiko (VZLSA-2018-3406) | Nessus | Virtuozzo Local Security Checks | high |
| 119044 | CentOS 7 : python-paramiko (CESA-2018:3347) | Nessus | CentOS Local Security Checks | high |
| 118838 | CentOS 6 : python-paramiko (CESA-2018:3406) | Nessus | CentOS Local Security Checks | high |
| 118810 | Oracle Linux 7 : python-paramiko (ELSA-2018-3347) | Nessus | Oracle Linux Local Security Checks | high |
| 118790 | RHEL 7 : Virtualization Manager (RHSA-2018:3470) | Nessus | Red Hat Local Security Checks | medium |
| 118727 | Scientific Linux Security Update : python-paramiko on SL6.x (noarch) (20181031) | Nessus | Scientific Linux Local Security Checks | high |
| 118708 | OracleVM 3.3 / 3.4 : python-paramiko (OVMSA-2018-0270) | Nessus | OracleVM Local Security Checks | high |
| 118553 | RHEL 6 : python-paramiko (RHSA-2018:3406) | Nessus | Red Hat Local Security Checks | high |
| 118543 | RHEL 7 : python-paramiko (RHSA-2018:3347) | Nessus | Red Hat Local Security Checks | high |
| 118511 | Oracle Linux 6 : python-paramiko (ELSA-2018-3406) | Nessus | Oracle Linux Local Security Checks | high |
| 118469 | Debian DLA-1556-1 : paramiko security update | Nessus | Debian Local Security Checks | critical |
| 118363 | Amazon Linux AMI : python-paramiko (ALAS-2018-1096) | Nessus | Amazon Linux Local Security Checks | high |
| 118326 | Ubuntu 18.10 : Paramiko vulnerability (USN-3796-3) | Nessus | Ubuntu Local Security Checks | high |
| 118201 | Ubuntu 14.04 LTS / 16.04 LTS / 18.04 LTS : Paramiko vulnerability (USN-3796-1) | Nessus | Ubuntu Local Security Checks | high |
| 118154 | SSH Protocol Authentication Bypass (Remote Exploit Check) | Nessus | Misc. | critical |
| 118104 | Fedora 27 : python-paramiko (2018-aff51f5e62) | Nessus | Fedora Local Security Checks | high |