PT-2018-3839 · Paramiko

Adam Brown · Published 2018-03-13 · Updated 2026-06-13 · CVE-2018-7750

CVSS v2.0: 10 (Critical)
Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C
Name of the Vulnerable Software and Affected Versions

Paramiko versions prior to 1.17.6
Paramiko versions 1.18.x prior to 1.18.5
Paramiko versions 2.0.x prior to 2.0.8
Paramiko versions 2.1.x prior to 2.1.5
Paramiko versions 2.2.x prior to 2.2.3
Paramiko versions 2.3.x prior to 2.3.2
Paramiko versions 2.4.x prior to 2.4.1
Description

The issue lies in the transport.py component of the Paramiko library, whose authentication handling is flawed: a customized SSH client that skips the authentication step can still have later requests processed, as demonstrated with a channel-open request. A remote attacker can use this to access confidential data, compromise its integrity, and cause a denial of service.
Recommendations

For Paramiko versions prior to 1.17.6, update to version 1.17.6 or later.
For Paramiko versions 1.18.x prior to 1.18.5, update to version 1.18.5 or later.
For Paramiko versions 2.0.x prior to 2.0.8, update to version 2.0.8 or later.
For Paramiko versions 2.1.x prior to 2.1.5, update to version 2.1.5 or later.
For Paramiko versions 2.2.x prior to 2.2.3, update to version 2.2.3 or later.
For Paramiko versions 2.3.x prior to 2.3.2, update to version 2.3.2 or later.
For Paramiko versions 2.4.x prior to 2.4.1, update to version 2.4.1 or later.

As a temporary workaround, consider restricting access to the transport.py component until a patch is available.
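An added check, not part of this advisory or of the Paramiko project, that maps a Paramiko version string onto the affected ranges and first fixed releases listed above; the names `parse_version`, `fixed_version_for` and `is_affected` are chosen here for illustration.

```python
"""Map a Paramiko version string onto the affected ranges of CVE-2018-7750."""
import re
from typing import Optional, Tuple

Version = Tuple[int, int, int]

# (series, first fixed version) pairs copied from the advisory's recommendations.
# A series of None covers every release below its fixed version (Paramiko < 1.17.6).
FIXED_VERSIONS: Tuple[Tuple[Optional[Tuple[int, int]], Version], ...] = (
    (None, (1, 17, 6)),
    ((1, 18), (1, 18, 5)),
    ((2, 0), (2, 0, 8)),
    ((2, 1), (2, 1, 5)),
    ((2, 2), (2, 2, 3)),
    ((2, 3), (2, 3, 2)),
    ((2, 4), (2, 4, 1)),
)


def parse_version(text: str) -> Version:
    """Parse 'X.Y.Z'; missing components count as 0, extra components and
    pre-release suffixes such as '0rc1' are ignored (only leading digits are used)."""
    parts = []
    for piece in text.strip().split(".")[:3]:
        match = re.match(r"\d+", piece)
        parts.append(int(match.group(0)) if match else 0)
    while len(parts) < 3:
        parts.append(0)
    return (parts[0], parts[1], parts[2])


def fixed_version_for(version: str) -> Optional[str]:
    """Return the first fixed release for an affected version, or None if unaffected."""
    v = parse_version(version)
    for series, fixed in FIXED_VERSIONS:
        in_series = series is None or v[:2] == series
        if in_series and v < fixed:
            return "%d.%d.%d" % fixed
    return None


def is_affected(version: str) -> bool:
    return fixed_version_for(version) is not None


if __name__ == "__main__":
    try:
        import paramiko  # only used to read the installed version, if any
        installed = paramiko.__version__
    except ImportError:
        installed = None
    if installed is None:
        print("paramiko is not installed")
    else:
        fixed = fixed_version_for(installed)
        print("paramiko %s: %s" % (installed, "update to %s" % fixed if fixed else "not affected"))
```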

Weakness Enumeration

Improper Authentication

Related Identifiers

BDU:2022-06039
CESA-2018_1124
CVE-2018-7750
DLA-1556-1
DLA-2860-1
ELSA-2018-1124
GHSA-232R-66CG-79PX
MGASA-2018-0204
OPENSUSE-SU-2018_0799-1
OPENSUSE-SU-2024:11249-1
OPENSUSE-SU-2026:11025-1
PYSEC-2018-19
RHSA-2018:0591
RHSA-2018:0646
RHSA-2018:1124
RHSA-2018:1125
RHSA-2018:1213
RHSA-2018:1274
RHSA-2018:1328
RHSA-2018:1525
RHSA-2018:1972
RHSA-2018_1124
SUSE-FU-2022:0444-1
SUSE-FU-2022:0445-1
SUSE-SU-2018:0844-1
SUSE-SU-2018:0873-1
SUSE-SU-2018:1850-1
SUSE-SU-2018:1971-1
SUSE-SU-2018:2777-1
SUSE-SU-2018_1971-1
SUSE-SU-2018_2777-1
USN-3603-1
USN-3603-2

Affected Products

CentOS
Paramiko
Red Hat
SUSE
Ubuntu