View all vulnerabilities

CVE-2018-1000805

Paramiko Authentication Bypass vulnerability

Paramiko version 2.4.1, 2.3.2, 2.2.3, 2.1.5, 2.0.8, 1.18.5, 1.17.6 contains a Incorrect Access Control vulnerability in SSH server that can result in RCE. This attack appear to be exploitable via network connectivity.

Patch Available

Fix available through Seal Security. No upgrade required, protect your application instantly.

Fix without upgrading
Vulnerability Details
Score
8.7
Score Vector
CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Affected Versions
paramiko >= 2.4.0 < 2.4.2; paramiko >= 2.3.0 < 2.3.3; paramiko >= 2.2.0 < 2.2.4; paramiko >= 2.1.0 < 2.1.6; paramiko >= 1.5.1 < 2.0.9
Severity
High
Ecosystem
Python
Publish Date
October 10, 2018
Modified Date
October 9, 2024