PT-2018-2950 · Paramiko
Daniel Hoffman · Published 2018-10-08 · Updated 2026-06-13
CVE-2018-1000805
CVSS v2.0: 9.0 (High)
Vector: AV:N/AC:L/Au:S/C:C/I:C/A:C
Name of the Vulnerable Software and Affected Versions
Paramiko versions 1.17.6 through 2.4.1
Description
Insufficient access control in the Paramiko library can be exploited by a remote attacker over the SSH protocol to execute arbitrary code, resulting in remote code execution (RCE) over the network.
Recommendations
For Paramiko version 2.4.1, update to a version that fixes the access control issue.
For Paramiko version 2.3.2, update to a version that fixes the access control issue.
For Paramiko version 2.2.3, update to a version that fixes the access control issue.
For Paramiko version 2.1.5, update to a version that fixes the access control issue.
For Paramiko version 2.0.8, update to a version that fixes the access control issue.
For Paramiko version 1.18.5, update to a version that fixes the access control issue.
For Paramiko version 1.17.6, update to a version that fixes the access control issue.
As a temporary workaround, consider restricting access to the SSH server to minimize the risk of exploitation.
Exploit
Fix
RCE
Improper Access Control
Incorrect Permission
Incorrect Authorization
Affected products
CentOS
Paramiko
Red Hat
SUSE
Ubuntu