VDB
DEBIAN-CVE-2018-7750
DEBIAN-CVE-2018-7750
PUBLISHED
CVSS 9.800000190734863 CRITICAL
transport.py in the SSH server implementation of Paramiko before 1.17.6, 1.18.x before 1.18.5, 2.0.x before 2.0.8, 2.1.x before 2.1.5, 2.2.x before 2.2.3, 2.3.x before 2.3.2, and 2.4.x before 2.4.1 does not properly check whether authentication is completed before processing other requests, as demonstrated by channel-open. A customized SSH client can simply skip the authentication step.
Risk Scores
CVSS v3.1
9.800000190734863
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Debian:12 | paramiko | 0, 0, 0 |
| Debian:13 | paramiko | 0, 0, 0 |
| Debian:14 | paramiko | 0, 0, 0 |
| Debian:11 | paramiko | 0, 0, 0 |
Timeline
- Mar 13, 2018 CVE Published
- Apr 28, 2026 CVE Updated