transport.py in the SSH server implementation of Paramiko before 1.17.6, 1.18.x before 1.18.5, 2.0.x before 2.0.8, 2.1.x before 2.1.5, 2.2.x before 2.2.3, 2.3.x before 2.3.2, and 2.4.x before 2.4.1 does not properly check whether authentication is completed before processing other requests, as demonstrated by channel-open. A customized SSH client can simply skip the authentication step.
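The fixed-version ranges above, turned into a check for an installed Paramiko, as an added example that is not part of the CVE record or of Paramiko itself. The function names are hypothetical, and the description limits the issue to code that uses Paramiko's SSH server implementation.

```python
import re
from importlib import metadata

# First fixed release per branch, copied from the advisory text above.
FIXED_BY_BRANCH = {
    (1, 18): (1, 18, 5),
    (2, 0): (2, 0, 8),
    (2, 1): (2, 1, 5),
    (2, 2): (2, 2, 3),
    (2, 3): (2, 3, 2),
    (2, 4): (2, 4, 1),
}
OLDEST_FIXED = (1, 17, 6)  # every release below this is affected


def parse_version(text):
    """Return (major, minor, patch); suffixes such as 'rc1' are ignored."""
    m = re.match(r"\s*(\d+)\.(\d+)(?:\.(\d+))?", text)
    if not m:
        raise ValueError(f"unrecognised version string: {text!r}")
    return tuple(int(part or 0) for part in m.groups())


def is_affected(version_text):
    """True if the version falls in a range the advisory lists as affected."""
    v = parse_version(version_text)
    if v < OLDEST_FIXED:
        return True
    fixed = FIXED_BY_BRANCH.get(v[:2])
    # Branches not listed (1.17.x from 1.17.6, anything after 2.4.x) are
    # treated as fixed, which is an assumption for releases the page omits.
    return fixed is not None and v < fixed


def installed_paramiko_status():
    """Return (version, affected) for the local install, or None if absent."""
    try:
        version = metadata.version("paramiko")
    except metadata.PackageNotFoundError:
        return None
    return version, is_affected(version)


if __name__ == "__main__":
    print(installed_paramiko_status())
```

A distribution package can carry a backported fix under an older version number, so confirm a positive result against the vendor's own advisory.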

MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2018-03-13T18:00:00

Updated: 2024-08-05T06:37:58.928Z

Reserved: 2018-03-07T00:00:00

Link: CVE-2018-7750

NVD

Status: Analyzed

Published: 2018-03-13T18:29:00.303

Modified: 2022-04-18T17:30:23.640

Link: CVE-2018-7750

Redhat

Severity: Critical

Public Date: 2018-03-13T00:00:00Z

Links: CVE-2018-7750 - Bugzilla