Search for vulnerabilities
Vulnerability details: VCID-bhtn-1qeu-aaah
Vulnerability ID VCID-bhtn-1qeu-aaah
Aliases CVE-2018-10933
Summary A vulnerability was found in libssh's server-side state machine before versions 0.7.6 and 0.8.4. A malicious client could create channels without first performing authentication, resulting in unauthorized access.
Status Published
Exploitability 2.0
Weighted Severity 9.0
Risk 10.0
Affected and Fixed Packages Package Details
Weaknesses (1)
CWE-287 Improper Authentication
System Score Found at
generic_textual Medium http://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-10933.html
cvssv3 9.1 https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-10933.json
epss 0.13609 https://api.first.org/data/v1/epss?cve=CVE-2018-10933
epss 0.13609 https://api.first.org/data/v1/epss?cve=CVE-2018-10933
epss 0.13609 https://api.first.org/data/v1/epss?cve=CVE-2018-10933
epss 0.13609 https://api.first.org/data/v1/epss?cve=CVE-2018-10933
epss 0.13609 https://api.first.org/data/v1/epss?cve=CVE-2018-10933
epss 0.13609 https://api.first.org/data/v1/epss?cve=CVE-2018-10933
epss 0.13609 https://api.first.org/data/v1/epss?cve=CVE-2018-10933
epss 0.13609 https://api.first.org/data/v1/epss?cve=CVE-2018-10933
epss 0.13609 https://api.first.org/data/v1/epss?cve=CVE-2018-10933
epss 0.13609 https://api.first.org/data/v1/epss?cve=CVE-2018-10933
epss 0.13609 https://api.first.org/data/v1/epss?cve=CVE-2018-10933
epss 0.13609 https://api.first.org/data/v1/epss?cve=CVE-2018-10933
epss 0.25948 https://api.first.org/data/v1/epss?cve=CVE-2018-10933
epss 0.25948 https://api.first.org/data/v1/epss?cve=CVE-2018-10933
epss 0.25948 https://api.first.org/data/v1/epss?cve=CVE-2018-10933
epss 0.25948 https://api.first.org/data/v1/epss?cve=CVE-2018-10933
epss 0.79577 https://api.first.org/data/v1/epss?cve=CVE-2018-10933
epss 0.79577 https://api.first.org/data/v1/epss?cve=CVE-2018-10933
epss 0.79577 https://api.first.org/data/v1/epss?cve=CVE-2018-10933
epss 0.79577 https://api.first.org/data/v1/epss?cve=CVE-2018-10933
epss 0.79577 https://api.first.org/data/v1/epss?cve=CVE-2018-10933
epss 0.79577 https://api.first.org/data/v1/epss?cve=CVE-2018-10933
epss 0.79577 https://api.first.org/data/v1/epss?cve=CVE-2018-10933
epss 0.79577 https://api.first.org/data/v1/epss?cve=CVE-2018-10933
epss 0.79577 https://api.first.org/data/v1/epss?cve=CVE-2018-10933
epss 0.79577 https://api.first.org/data/v1/epss?cve=CVE-2018-10933
epss 0.79577 https://api.first.org/data/v1/epss?cve=CVE-2018-10933
epss 0.79577 https://api.first.org/data/v1/epss?cve=CVE-2018-10933
epss 0.79577 https://api.first.org/data/v1/epss?cve=CVE-2018-10933
epss 0.79577 https://api.first.org/data/v1/epss?cve=CVE-2018-10933
epss 0.79577 https://api.first.org/data/v1/epss?cve=CVE-2018-10933
epss 0.79577 https://api.first.org/data/v1/epss?cve=CVE-2018-10933
epss 0.79577 https://api.first.org/data/v1/epss?cve=CVE-2018-10933
epss 0.79577 https://api.first.org/data/v1/epss?cve=CVE-2018-10933
epss 0.79577 https://api.first.org/data/v1/epss?cve=CVE-2018-10933
epss 0.79577 https://api.first.org/data/v1/epss?cve=CVE-2018-10933
epss 0.79577 https://api.first.org/data/v1/epss?cve=CVE-2018-10933
epss 0.79577 https://api.first.org/data/v1/epss?cve=CVE-2018-10933
epss 0.79577 https://api.first.org/data/v1/epss?cve=CVE-2018-10933
epss 0.79577 https://api.first.org/data/v1/epss?cve=CVE-2018-10933
epss 0.79577 https://api.first.org/data/v1/epss?cve=CVE-2018-10933
epss 0.79577 https://api.first.org/data/v1/epss?cve=CVE-2018-10933
epss 0.79577 https://api.first.org/data/v1/epss?cve=CVE-2018-10933
epss 0.79577 https://api.first.org/data/v1/epss?cve=CVE-2018-10933
epss 0.79855 https://api.first.org/data/v1/epss?cve=CVE-2018-10933
epss 0.79855 https://api.first.org/data/v1/epss?cve=CVE-2018-10933
epss 0.79855 https://api.first.org/data/v1/epss?cve=CVE-2018-10933
epss 0.79855 https://api.first.org/data/v1/epss?cve=CVE-2018-10933
epss 0.8088 https://api.first.org/data/v1/epss?cve=CVE-2018-10933
epss 0.8088 https://api.first.org/data/v1/epss?cve=CVE-2018-10933
epss 0.8088 https://api.first.org/data/v1/epss?cve=CVE-2018-10933
epss 0.8088 https://api.first.org/data/v1/epss?cve=CVE-2018-10933
epss 0.8088 https://api.first.org/data/v1/epss?cve=CVE-2018-10933
epss 0.8088 https://api.first.org/data/v1/epss?cve=CVE-2018-10933
epss 0.8088 https://api.first.org/data/v1/epss?cve=CVE-2018-10933
generic_textual Medium https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-10933
cvssv3 9.8 https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
cvssv2 6.4 https://nvd.nist.gov/vuln/detail/CVE-2018-10933
cvssv3 9.1 https://nvd.nist.gov/vuln/detail/CVE-2018-10933
archlinux Critical https://security.archlinux.org/AVG-780
generic_textual Medium https://ubuntu.com/security/notices/USN-3795-1
generic_textual Medium https://ubuntu.com/security/notices/USN-3795-2
generic_textual Medium https://www.libssh.org/2018/10/16/libssh-0-8-4-and-0-7-6-security-and-bugfix-release/
cvssv3.1 9.8 https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html
generic_textual CRITICAL https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html
Reference id Reference type URL
http://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-10933.html
https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-10933.json
https://api.first.org/data/v1/epss?cve=CVE-2018-10933
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-10933
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-10933
https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
https://lists.debian.org/debian-lts-announce/2018/10/msg00010.html
https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2018-0016
https://security.netapp.com/advisory/ntap-20190118-0002/
https://ubuntu.com/security/notices/USN-3795-1
https://ubuntu.com/security/notices/USN-3795-2
https://usn.ubuntu.com/3795-1/
https://usn.ubuntu.com/3795-2/
https://www.debian.org/security/2018/dsa-4322
https://www.exploit-db.com/exploits/45638/
https://www.libssh.org/2018/10/16/libssh-0-8-4-and-0-7-6-security-and-bugfix-release/
https://www.libssh.org/security/advisories/CVE-2018-10933.txt
https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html
http://www.securityfocus.com/bid/105677
911149 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=911149
ASA-201810-10 https://security.archlinux.org/ASA-201810-10
AVG-780 https://security.archlinux.org/AVG-780
cpe:2.3:a:libssh:libssh:*:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:libssh:libssh:*:*:*:*:*:*:*:*
cpe:2.3:a:netapp:oncommand_unified_manager:*:*:*:*:*:vsphere:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:netapp:oncommand_unified_manager:*:*:*:*:*:vsphere:*:*
cpe:2.3:a:netapp:oncommand_unified_manager:*:*:*:*:*:windows:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:netapp:oncommand_unified_manager:*:*:*:*:*:windows:*:*
cpe:2.3:a:netapp:oncommand_workflow_automation:-:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:netapp:oncommand_workflow_automation:-:*:*:*:*:*:*:*
cpe:2.3:a:netapp:snapcenter:-:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:netapp:snapcenter:-:*:*:*:*:*:*:*
cpe:2.3:a:netapp:storage_automation_store:-:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:netapp:storage_automation_store:-:*:*:*:*:*:*:*
cpe:2.3:a:oracle:mysql_workbench:*:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:mysql_workbench:*:*:*:*:*:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:18.10:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:18.10:*:*:*:*:*:*:*
cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*
cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*
CVE-2018-10933 Exploit https://github.com/blacknbunny/libSSH-Authentication-Bypass/blob/5dc55fbf5518f2e11503f08fa84a3640e60c7ec9/libsshauthbypass.py
CVE-2018-10933 Exploit https://github.com/jas502n/CVE-2018-10933/blob/05ee62e7ed7d4cd10e71ea10b28da990e37a24f4/libssh-CVE-2018-10933-jas502n.py
CVE-2018-10933 Exploit https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/linux/remote/45638.py
CVE-2018-10933 Exploit https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/linux/remote/46307.py
CVE-2018-10933 https://nvd.nist.gov/vuln/detail/CVE-2018-10933
RHBA-2018:3712 https://bugzilla.redhat.com/show_bug.cgi?id=1614973
Data source Metasploit
Description This module exploits an authentication bypass in libssh server code where a USERAUTH_SUCCESS message is sent in place of the expected USERAUTH_REQUEST message. libssh versions 0.6.0 through 0.7.5 and 0.8.0 through 0.8.3 are vulnerable. Note that this module's success depends on whether the server code can trigger the correct (shell/exec) callbacks despite only the state machine's authenticated state being set. Therefore, you may or may not get a shell if the server requires additional code paths to be followed.
Note 
{}
Ransomware campaign use Unknown
Source publication date Oct. 16, 2018
Source URL https://github.com/rapid7/metasploit-framework/tree/master/modules/auxiliary/scanner/ssh/libssh_auth_bypass.rb
Data source Exploit-DB
Date added Feb. 3, 2019
Description LibSSH 0.7.6 / 0.8.4 - Unauthorized Access
Ransomware campaign use Known
Source publication date Oct. 20, 2018
Exploit type remote
Platform linux
Source update date Feb. 3, 2019
Source URL https://github.com/jas502n/CVE-2018-10933/blob/05ee62e7ed7d4cd10e71ea10b28da990e37a24f4/libssh-CVE-2018-10933-jas502n.py
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N Found at https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-10933.json
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Found at https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:N Found at https://nvd.nist.gov/vuln/detail/CVE-2018-10933
Exploitability (E) Access Vector (AV) Access Complexity (AC) Authentication (Au) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

high

functional

unproven

proof_of_concept

not_defined

local

adjacent_network

network

high

medium

low

multiple

single

none

none

partial

complete

none

partial

complete

none

partial

complete
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N Found at https://nvd.nist.gov/vuln/detail/CVE-2018-10933
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Found at https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Exploit Prediction Scoring System (EPSS)
Percentile 0.95755
EPSS Score 0.13609
Published At Nov. 1, 2024, midnight
Date Actor Action Source VulnerableCode Version
There are no relevant records.