VulnerableCode Vulnerability Details

Search for vulnerabilities

System	Score	Found at
cvssv3	9.1	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-10933.json
epss	0.78329	https://api.first.org/data/v1/epss?cve=CVE-2018-10933
epss	0.78329	https://api.first.org/data/v1/epss?cve=CVE-2018-10933
epss	0.78329	https://api.first.org/data/v1/epss?cve=CVE-2018-10933
epss	0.78329	https://api.first.org/data/v1/epss?cve=CVE-2018-10933
epss	0.78329	https://api.first.org/data/v1/epss?cve=CVE-2018-10933
epss	0.78329	https://api.first.org/data/v1/epss?cve=CVE-2018-10933
epss	0.78329	https://api.first.org/data/v1/epss?cve=CVE-2018-10933
epss	0.78329	https://api.first.org/data/v1/epss?cve=CVE-2018-10933
cvssv3	9.8	https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
archlinux	Critical	https://security.archlinux.org/AVG-780

System

Score

Found at

cvssv3

9.1

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-10933.json

epss

0.78329

https://api.first.org/data/v1/epss?cve=CVE-2018-10933

epss

0.78329

https://api.first.org/data/v1/epss?cve=CVE-2018-10933

epss

0.78329

https://api.first.org/data/v1/epss?cve=CVE-2018-10933

epss

0.78329

https://api.first.org/data/v1/epss?cve=CVE-2018-10933

epss

0.78329

https://api.first.org/data/v1/epss?cve=CVE-2018-10933

epss

0.78329

https://api.first.org/data/v1/epss?cve=CVE-2018-10933

epss

0.78329

https://api.first.org/data/v1/epss?cve=CVE-2018-10933

epss

0.78329

https://api.first.org/data/v1/epss?cve=CVE-2018-10933

cvssv3

9.8

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

archlinux

Critical

https://security.archlinux.org/AVG-780

Reference id	Reference type	URL
		https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-10933.json
		https://api.first.org/data/v1/epss?cve=CVE-2018-10933
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-10933
		https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
1614973		https://bugzilla.redhat.com/show_bug.cgi?id=1614973
911149		https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=911149
ASA-201810-10		https://security.archlinux.org/ASA-201810-10
AVG-780		https://security.archlinux.org/AVG-780
CVE-2018-10933	Exploit	https://github.com/blacknbunny/libSSH-Authentication-Bypass/blob/5dc55fbf5518f2e11503f08fa84a3640e60c7ec9/libsshauthbypass.py
CVE-2018-10933	Exploit	https://github.com/jas502n/CVE-2018-10933/blob/05ee62e7ed7d4cd10e71ea10b28da990e37a24f4/libssh-CVE-2018-10933-jas502n.py
CVE-2018-10933	Exploit	https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/linux/remote/45638.py
CVE-2018-10933	Exploit	https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/linux/remote/46307.py
USN-3795-1		https://usn.ubuntu.com/3795-1/
USN-3795-2		https://usn.ubuntu.com/3795-2/

Reference id

Reference type

URL

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-10933.json

https://api.first.org/data/v1/epss?cve=CVE-2018-10933

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-10933

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

1614973

https://bugzilla.redhat.com/show_bug.cgi?id=1614973

911149

https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=911149

ASA-201810-10

https://security.archlinux.org/ASA-201810-10

AVG-780

https://security.archlinux.org/AVG-780

CVE-2018-10933

Exploit

https://github.com/blacknbunny/libSSH-Authentication-Bypass/blob/5dc55fbf5518f2e11503f08fa84a3640e60c7ec9/libsshauthbypass.py

CVE-2018-10933

Exploit

https://github.com/jas502n/CVE-2018-10933/blob/05ee62e7ed7d4cd10e71ea10b28da990e37a24f4/libssh-CVE-2018-10933-jas502n.py

CVE-2018-10933

Exploit

https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/linux/remote/45638.py

CVE-2018-10933

Exploit

https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/linux/remote/46307.py

USN-3795-1

https://usn.ubuntu.com/3795-1/

USN-3795-2

https://usn.ubuntu.com/3795-2/

Data source	Exploit-DB
Date added	Feb. 3, 2019
Description	LibSSH 0.7.6 / 0.8.4 - Unauthorized Access
Ransomware campaign use	Known
Source publication date	Oct. 20, 2018
Exploit type	remote
Platform	linux
Source update date	Feb. 3, 2019
Source URL	https://github.com/jas502n/CVE-2018-10933/blob/05ee62e7ed7d4cd10e71ea10b28da990e37a24f4/libssh-CVE-2018-10933-jas502n.py

Exploit-DB

Feb. 3, 2019

LibSSH 0.7.6 / 0.8.4 - Unauthorized Access

Known

Oct. 20, 2018

remote

linux

Feb. 3, 2019

https://github.com/jas502n/CVE-2018-10933/blob/05ee62e7ed7d4cd10e71ea10b28da990e37a24f4/libssh-CVE-2018-10933-jas502n.py

Data source	Metasploit
Description	This module exploits an authentication bypass in libssh server code where a USERAUTH_SUCCESS message is sent in place of the expected USERAUTH_REQUEST message. libssh versions 0.6.0 through 0.7.5 and 0.8.0 through 0.8.3 are vulnerable. Note that this module's success depends on whether the server code can trigger the correct (shell/exec) callbacks despite only the state machine's authenticated state being set. Therefore, you may or may not get a shell if the server requires additional code paths to be followed.
Note	Reliability: - unknown-reliability Stability: - unknown-stability SideEffects: - unknown-side-effects
Ransomware campaign use	Unknown
Source publication date	Oct. 16, 2018
Source URL	https://github.com/rapid7/metasploit-framework/tree/master/modules/auxiliary/scanner/ssh/libssh_auth_bypass.rb

Metasploit

This module exploits an authentication bypass in libssh server code where a USERAUTH_SUCCESS message is sent in place of the expected USERAUTH_REQUEST message. libssh versions 0.6.0 through 0.7.5 and 0.8.0 through 0.8.3 are vulnerable. Note that this module's success depends on whether the server code can trigger the correct (shell/exec) callbacks despite only the state machine's authenticated state being set. Therefore, you may or may not get a shell if the server requires additional code paths to be followed.

Reliability:
  - unknown-reliability
Stability:
  - unknown-stability
SideEffects:
  - unknown-side-effects

Unknown

Oct. 16, 2018

https://github.com/rapid7/metasploit-framework/tree/master/modules/auxiliary/scanner/ssh/libssh_auth_bypass.rb

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Date	Actor	Action	Source	VulnerableCode Version
2026-04-01T13:44:40.824329+00:00	Debian Oval Importer	Import	https://www.debian.org/security/oval/oval-definitions-stretch.xml.bz2	38.0.0

2026-04-01T13:44:40.824329+00:00

Debian Oval Importer

Import

https://www.debian.org/security/oval/oval-definitions-stretch.xml.bz2

38.0.0

Vulnerability ID	VCID-y8n1-2dwh-qucf
Aliases	CVE-2018-10933
Summary	security update
Status	Published
Exploitability	2.0
Weighted Severity	9.0
Risk	10.0
Affected and Fixed Packages	Package Details

Percentile	0.99018
EPSS Score	0.78329
Published At	April 1, 2026, 12:55 p.m.