CVE-2018-1000805

Sažetak

Paramiko version 2.4.1, 2.3.2, 2.2.3, 2.1.5, 2.0.8, 1.18.5, 1.17.6 contains a Incorrect Access Control vulnerability in SSH server that can result in RCE. This attack appear to be exploitable via network connectivity.

Reference

https://github.com/paramiko/paramiko/issues/1283
https://usn.ubuntu.com/3796-2/
https://usn.ubuntu.com/3796-1/
https://usn.ubuntu.com/3796-3/
https://lists.debian.org/debian-lts-announce/2018/10/msg00018.html
https://access.redhat.com/errata/RHSA-2018:3406
https://access.redhat.com/errata/RHSA-2018:3347
https://access.redhat.com/errata/RHSA-2018:3505
https://access.redhat.com/errata/RHBA-2018:3497
https://herolab.usd.de/wp-content/uploads/sites/4/usd20180023.txt
https://lists.debian.org/debian-lts-announce/2021/12/msg00025.html

CVSS

Base:	6.5
Impact:	6.4
Exploitability:	8.0

Pristup

Vektor	Složenost	Autentikacija
NETWORK	LOW	SINGLE

Impact

Povjerljivost	Cjelovitost	Dostupnost
PARTIAL	PARTIAL	PARTIAL

CVSS vektor

AV:N/AC:L/Au:S/C:P/I:P/A:P

Zadnje važnije ažuriranje

06-04-2022 - 18:35

Objavljeno

08-10-2018 - 15:29