← voltar
CVE-2018-7750

CVE-2018-7750

EPSS 27.1%
transport.py in the SSH server implementation of Paramiko before 1.17.6, 1.18.x before 1.18.5, 2.0.x before 2.0.8, 2.1.x before 2.1.5, 2.2.x before 2.2.3, 2.3.x before 2.3.2, and 2.4.x before 2.4.1 does not properly check whether authentication is completed before processing other requests, as demonstrated by channel-open. A customized SSH client can simply skip the authentication step.
Produtos afetados
n/a · n/a
PoCs públicas encontradas4
githubgithub.com/jm33-m0/CVE-2018-775021githubgithub.com/tlavi00/CVE-2018-77500cve_referencewww.exploit-db.com/exploits/45712/não verificadoexploitdbwww.exploit-db.com/exploits/45712não verificado
⚠ Recursos públicos, para você avaliar a exposição de sistemas que controla ou está autorizado a testar. Teste apenas com autorização.

Quer saber se a sua infraestrutura está exposta a isto?

Falar com a TrueHacking →
Referências
https://access.redhat.com/errata/RHSA-2018:0591https://access.redhat.com/errata/RHSA-2018:0646https://access.redhat.com/errata/RHSA-2018:1124https://access.redhat.com/errata/RHSA-2018:1125https://access.redhat.com/errata/RHSA-2018:1213https://access.redhat.com/errata/RHSA-2018:1274https://access.redhat.com/errata/RHSA-2018:1328https://access.redhat.com/errata/RHSA-2018:1525https://access.redhat.com/errata/RHSA-2018:1972https://github.com/paramiko/paramiko/blob/master/sites/www/changelog.rsthttps://github.com/paramiko/paramiko/commit/fa29bd8446c8eab237f5187d28787727b4610516https://github.com/paramiko/paramiko/issues/1175