CVE-2018-15473 - Vulnerability Details

- openssh: User enumeration via malformed packets in authentication requests

Description

OpenSSH through 7.7 is prone to a user enumeration vulnerability due to not delaying bailout for an invalid authenticating user until after the packet containing the request has been fully parsed, related to auth2-gss.c, auth2-hostbased.c, and auth2-pubkey.c.

Published: 2018-08-17

Score: 5.9 Medium

EPSS: 90.4% High

KEV: No

Impact:

Action:

Analysis

No analysis available yet.

Default status is the baseline for the product, each version can override it (e.g. patched versions marked unaffected).

Vendor Product Default status Versions

n/a

affected

Version	Status	Constraints
`n/a`	affected	—

Configuration 1 [-]

cpe:2.3:a:openbsd:openssh:*:*:*:*:*:*:*:*

Configuration 2 [-]

OR	cpe:2.3:o:debian:debian_linux:8.0:::::::*
	cpe:2.3:o:debian:debian_linux:9.0:::::::*

Configuration 3 [-]

OR	cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:::::::*
	cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:::::::*
	cpe:2.3:o:redhat:enterprise_linux_server:6.0:::::::*
	cpe:2.3:o:redhat:enterprise_linux_server:7.0:::::::*
	cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:::::::*
	cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:::::::*

Configuration 4 [-]

OR	cpe:2.3:o:canonical:ubuntu_linux:14.04::::lts:::
	cpe:2.3:o:canonical:ubuntu_linux:16.04::::lts:::
	cpe:2.3:o:canonical:ubuntu_linux:18.04::::lts:::

Configuration 5 [-]

AND

cpe:2.3:o:netapp:cn1610_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:netapp:cn1610:-:*:*:*:*:*:*:*

Configuration 6 [-]

OR	cpe:2.3:a:netapp:aff_baseboard_management_controller:-:::::::*
	cpe:2.3:a:netapp:cloud_backup:-:::::::*
	cpe:2.3:a:netapp:data_ontap_edge:-:::::::*
	cpe:2.3:a:netapp:fas_baseboard_management_controller:-:::::::*
	cpe:2.3:a:netapp:oncommand_unified_manager::::::vsphere::*
	cpe:2.3:a:netapp:ontap_select_deploy:-:::::::*
	cpe:2.3:a:netapp:service_processor:-:::::::*
	cpe:2.3:a:netapp:steelstore_cloud_integrated_storage:-:::::::*
	cpe:2.3:a:netapp:virtual_storage_console::::::vsphere::*
	cpe:2.3:o:netapp:clustered_data_ontap:-:::::::*
	cpe:2.3:o:netapp:data_ontap:-:::::7-mode::

Configuration 7 [-]

AND

cpe:2.3:a:netapp:vasa_provider:*:*:*:*:*:*:*:*

cpe:2.3:o:netapp:clustered_data_ontap:-:*:*:*:*:*:*:*

Configuration 8 [-]

AND

cpe:2.3:a:netapp:storage_replication_adapter:*:*:*:*:*:vsphere:*:*

cpe:2.3:o:netapp:clustered_data_ontap:-:*:*:*:*:*:*:*

Configuration 9 [-]

cpe:2.3:a:oracle:sun_zfs_storage_appliance_kit:8.8.6:*:*:*:*:*:*:*

Configuration 10 [-]

AND

cpe:2.3:o:siemens:scalance_x204rna_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:siemens:scalance_x204rna:-:*:*:*:*:*:*:*

Package	CPE	Advisory	Released Date
Red Hat Enterprise Linux 6
openssh-0:5.3p1-124.el6_10	cpe:/o:redhat:enterprise_linux:6	RHSA-2019:0711	2019-04-09T00:00:00Z
Red Hat Enterprise Linux 7
openssh-0:7.4p1-21.el7	cpe:/o:redhat:enterprise_linux:7	RHSA-2019:2143	2019-08-06T00:00:00Z

No data available yet.

Remediation

No remediation available yet.

Tracking

Sign in to view the affected projects.

Advisories

Source	ID	Title
Debian DLA	DLA-1474-1	openssh security update
Debian DLA	DLA-1476-1	dropbear security update
Debian DSA	DSA-4280-1	openssh security update
Ubuntu USN	USN-3809-1	OpenSSH vulnerabilities

No CVSS v4.0

Attack Vector Network

Attack Complexity High

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact None

Availability Impact None

User Interaction None

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact Low

Integrity Impact None

Availability Impact None

User Interaction None

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact None

Availability Impact None

This CVE is not in the KEV list.

The EPSS score is 0.90356.

Exploitation poc

Automatable no

Technical Impact partial

References

Link	Providers
http://www.openwall.com/lists/oss-security/2018/08/15/5
http://www.securityfocus.com/bid/105140
http://www.securitytracker.com/id/1041487
https://access.redhat.com/errata/RHSA-2019:0711
https://access.redhat.com/errata/RHSA-2019:2143
https://bugs.debian.org/906236
https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf
https://github.com/openbsd/src/commit/779974d35b4859c07bc3cb8a12c74b43b0a7d1e0
https://lists.debian.org/debian-lts-announce/2018/08/msg00022.html
https://nvd.nist.gov/vuln/detail/CVE-2018-15473
https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2018-0011
https://security.gentoo.org/glsa/201810-03
https://security.netapp.com/advisory/ntap-20181101-0001/
https://usn.ubuntu.com/3809-1/
https://www.cve.org/CVERecord?id=CVE-2018-15473
https://www.debian.org/security/2018/dsa-4280
https://www.exploit-db.com/exploits/45210/
https://www.exploit-db.com/exploits/45233/
https://www.exploit-db.com/exploits/45939/
https://www.oracle.com/security-alerts/cpujan2020.html

History

Wed, 17 Dec 2025 22:15:00 +0000

Type	Values Removed	Values Added
Metrics	cvssV3_1 `{'score': 5.3, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N'}`	ssvc `{'options': {'Automatable': 'no', 'Exploitation': 'poc', 'Technical Impact': 'partial'}, 'version': '2.0.3'}` cvssV3_1 `{'score': 5.9, 'vector': 'CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N'}`

Subscriptions

Canonical Ubuntu Linux

Debian Debian Linux

Netapp Aff Baseboard Management Controller Cloud Backup Clustered Data Ontap Cn1610 Cn1610 Firmware Data Ontap Data Ontap Edge Fas Baseboard Management Controller Oncommand Unified Manager Ontap Select Deploy Service Processor Steelstore Cloud Integrated Storage Storage Replication Adapter Vasa Provider Virtual Storage Console

Openbsd Openssh

Oracle Sun Zfs Storage Appliance Kit

Redhat Enterprise Linux Enterprise Linux Desktop Enterprise Linux Server Enterprise Linux Workstation

Siemens Scalance X204rna Scalance X204rna Firmware

MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2018-08-17T00:00:00.000Z

Updated: 2025-12-17T21:22:47.283Z

Reserved: 2018-08-17T00:00:00.000Z

Link: CVE-2018-15473

Vulnrichment

Updated: 2024-08-05T09:54:03.508Z

NVD

Status : Modified

Published: 2018-08-17T19:29:00.223

Modified: 2025-12-17T22:15:54.557

Link: CVE-2018-15473

Redhat

Severity : Low

Publid Date: 2018-08-16T00:00:00Z

Links: CVE-2018-15473 - Bugzilla

OpenCVE Enrichment

No data.

Weaknesses

Tracking

Attack Vector Network

Attack Complexity High

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact None

Availability Impact None

User Interaction None

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact Low

Integrity Impact None

Availability Impact None

User Interaction None

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact None

Availability Impact None

Exploitation poc

Automatable no

Technical Impact partial

Subscriptions

JSON object

JSON object

JSON object

JSON object

JSON object