transport.py in the SSH server implementation of Paramiko before 1.17.6, 1.18.x before 1.18.5, 2.0.x before 2.0.8, 2.1.x before 2.1.5, 2.2.x before 2.2.3, 2.3.x before 2.3.2, and 2.4.x before 2.4.1 does not properly check whether authentication is completed before processing other requests, as demonstrated by channel-open. A customized SSH client can simply skip the authentication step.
Metrics
Affected Vendors & Products
References
History
No history.
MITRE
Status: PUBLISHED
Assigner: mitre
Published: 2018-03-13T18:00:00
Updated: 2024-08-05T06:37:58.928Z
Reserved: 2018-03-07T00:00:00
Link: CVE-2018-7750
Vulnrichment
No data.
NVD
Status : Analyzed
Published: 2018-03-13T18:29:00.303
Modified: 2022-04-18T17:30:23.640
Link: CVE-2018-7750
Redhat