← volver
CVE-2018-7750

CVE-2018-7750

EPSS 27.1%
transport.py in the SSH server implementation of Paramiko before 1.17.6, 1.18.x before 1.18.5, 2.0.x before 2.0.8, 2.1.x before 2.1.5, 2.2.x before 2.2.3, 2.3.x before 2.3.2, and 2.4.x before 2.4.1 does not properly check whether authentication is completed before processing other requests, as demonstrated by channel-open. A customized SSH client can simply skip the authentication step.
Productos afectados
n/a · n/a
PoCs públicas encontradas4
githubgithub.com/jm33-m0/CVE-2018-775021githubgithub.com/tlavi00/CVE-2018-77500cve_referencewww.exploit-db.com/exploits/45712/no verificadoexploitdbwww.exploit-db.com/exploits/45712no verificado
⚠ Recursos públicos, para evaluar la exposición de sistemas que controlas o estás autorizado a probar. Prueba solo con autorización.

¿Quieres saber si tu infraestructura está expuesta a esto?

Hablar con TrueHacking →
Referencias
https://access.redhat.com/errata/RHSA-2018:0591https://access.redhat.com/errata/RHSA-2018:0646https://access.redhat.com/errata/RHSA-2018:1124https://access.redhat.com/errata/RHSA-2018:1125https://access.redhat.com/errata/RHSA-2018:1213https://access.redhat.com/errata/RHSA-2018:1274https://access.redhat.com/errata/RHSA-2018:1328https://access.redhat.com/errata/RHSA-2018:1525https://access.redhat.com/errata/RHSA-2018:1972https://github.com/paramiko/paramiko/blob/master/sites/www/changelog.rsthttps://github.com/paramiko/paramiko/commit/fa29bd8446c8eab237f5187d28787727b4610516https://github.com/paramiko/paramiko/issues/1175