This CPE summary could be partial or incomplete. Please contact us for a detailed listing.

Summary

Detail
Vendor Paramiko First view 2018-03-13
Product Paramiko Last view 2018-10-08
Version 1.18.5 Type Application
Update *  
Edition *  
Language *  
Sofware Edition *  
Target Software *  
Target Hardware *  
Other *  
 
CPE Product cpe:2.3:a:paramiko:paramiko

Activity : Overall

Related : CVE

  Date Alert Description
8.8 2018-10-08 CVE-2018-1000805

Paramiko version 2.4.1, 2.3.2, 2.2.3, 2.1.5, 2.0.8, 1.18.5, 1.17.6 contains a Incorrect Access Control vulnerability in SSH server that can result in RCE. This attack appear to be exploitable via network connectivity.

9.8 2018-03-13 CVE-2018-7750

transport.py in the SSH server implementation of Paramiko before 1.17.6, 1.18.x before 1.18.5, 2.0.x before 2.0.8, 2.1.x before 2.1.5, 2.2.x before 2.2.3, 2.3.x before 2.3.2, and 2.4.x before 2.4.1 does not properly check whether authentication is completed before processing other requests, as demonstrated by channel-open. A customized SSH client can simply skip the authentication step.

CWE : Common Weakness Enumeration

%idName
50% (1) CWE-732 Incorrect Permission Assignment for Critical Resource
50% (1) CWE-287 Improper Authentication

Nessus® Vulnerability Scanner

id Description
2019-01-03 Name: The remote Fedora host is missing a security update.
File: fedora_2018-3ff1cb628b.nasl - Type: ACT_GATHER_INFO
2019-01-03 Name: The remote Fedora host is missing a security update.
File: fedora_2018-8f9d81a3fb.nasl - Type: ACT_GATHER_INFO
2019-01-03 Name: The remote Fedora host is missing a security update.
File: fedora_2018-ea6b328afd.nasl - Type: ACT_GATHER_INFO
2018-12-28 Name: The remote EulerOS host is missing a security update.
File: EulerOS_SA-2018-1443.nasl - Type: ACT_GATHER_INFO
2018-11-21 Name: The remote Virtuozzo host is missing a security update.
File: Virtuozzo_VZLSA-2018-3406.nasl - Type: ACT_GATHER_INFO
2018-11-21 Name: The remote CentOS host is missing one or more security updates.
File: centos_RHSA-2018-3347.nasl - Type: ACT_GATHER_INFO
2018-11-09 Name: The remote CentOS host is missing a security update.
File: centos_RHSA-2018-3406.nasl - Type: ACT_GATHER_INFO
2018-10-29 Name: The remote Debian host is missing a security update.
File: debian_DLA-1556.nasl - Type: ACT_GATHER_INFO
2018-10-25 Name: The remote Amazon Linux AMI host is missing a security update.
File: ala_ALAS-2018-1096.nasl - Type: ACT_GATHER_INFO
2018-10-15 Name: The remote Fedora host is missing a security update.
File: fedora_2018-aff51f5e62.nasl - Type: ACT_GATHER_INFO
2018-08-17 Name: The remote PhotonOS host is missing multiple security updates.
File: PhotonOS_PHSA-2018-1_0-0126.nasl - Type: ACT_GATHER_INFO
2018-07-24 Name: The remote PhotonOS host is missing multiple security updates.
File: PhotonOS_PHSA-2018-2_0-0037.nasl - Type: ACT_GATHER_INFO
2018-05-03 Name: The remote CentOS host is missing a security update.
File: centos_RHSA-2018-1124.nasl - Type: ACT_GATHER_INFO
2018-04-06 Name: The remote Amazon Linux AMI host is missing a security update.
File: ala_ALAS-2018-989.nasl - Type: ACT_GATHER_INFO
2018-04-02 Name: The remote Fedora host is missing a security update.
File: fedora_2018-c1769746da.nasl - Type: ACT_GATHER_INFO