PT-2018-2950 · None+4 · Paramiko+4

Daniel Hoffman · Published 2018-10-08 · Updated 2026-06-13 · CVE-2018-1000805

CVSS v2.0: 9.0 (High)

Vector: AV:N/AC:L/Au:S/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions

Paramiko versions 1.17.6 through 2.4.1

Description

The issue is related to insufficient access control in the Paramiko library, which a remote attacker can exploit over the SSH protocol to execute arbitrary code. This can result in remote code execution (RCE) over the network.

Recommendations

For Paramiko versions 2.4.1, 2.3.2, 2.2.3, 2.1.5, 2.0.8, 1.18.5 and 1.17.6, update to a version that fixes the access control issue. As a temporary workaround, consider restricting access to the SSH server to minimize the risk of exploitation.

Exploit

Fix

RCE

Improper Access Control

Incorrect Permission

Incorrect Authorization

Weakness Enumeration

Related Identifiers

BDU:2019-02721
CESA-2018_3347
CESA-2018_3406
CVE-2018-1000805
DLA-1556-1
DLA-2860-1
GHSA-F2J6-WRHH-V25M
OESA-2021-1069
OPENSUSE-SU-2019:0129-1
OPENSUSE-SU-2019_0129-1
OPENSUSE-SU-2022_3730-1
OPENSUSE-SU-2024:11249-1
OPENSUSE-SU-2026:11025-1
PYSEC-2018-69
RHSA-2018:3347
RHSA-2018:3406
RHSA-2018:3470
RHSA-2018_3347
RHSA-2018_3406
SUSE-SU-2019:0174-1
SUSE-SU-2019:0396-1
SUSE-SU-2019:0481-1
SUSE-SU-2019_0174-1
SUSE-SU-2020:1274-1
SUSE-SU-2021:0038-1
SUSE-SU-2021_0038-1
SUSE-SU-2022:3730-1
SUSE-SU-2022_3730-1
USN-3796-1
USN-3796-2
USN-3796-3

Affected Products

CentOS
Paramiko
Red Hat
SUSE
Ubuntu