Search for vulnerabilities
Vulnerability details: VCID-zt3h-kpwe-ffcx
Vulnerability ID VCID-zt3h-kpwe-ffcx
Aliases CVE-2018-10933
Summary A vulnerability was found in libssh's server-side state machine before versions 0.7.6 and 0.8.4. A malicious client could create channels without first performing authentication, resulting in unauthorized access.
Status Published
Exploitability 2.0
Weighted Severity 9.0
Risk 10.0
Affected and Fixed Packages Package Details
Weaknesses (1)
CWE-287 Improper Authentication
System Score Found at
cvssv3 9.1 https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-10933.json
epss 0.7593 https://api.first.org/data/v1/epss?cve=CVE-2018-10933
epss 0.7593 https://api.first.org/data/v1/epss?cve=CVE-2018-10933
epss 0.7593 https://api.first.org/data/v1/epss?cve=CVE-2018-10933
epss 0.7593 https://api.first.org/data/v1/epss?cve=CVE-2018-10933
epss 0.7593 https://api.first.org/data/v1/epss?cve=CVE-2018-10933
epss 0.7593 https://api.first.org/data/v1/epss?cve=CVE-2018-10933
epss 0.79379 https://api.first.org/data/v1/epss?cve=CVE-2018-10933
epss 0.79379 https://api.first.org/data/v1/epss?cve=CVE-2018-10933
epss 0.79379 https://api.first.org/data/v1/epss?cve=CVE-2018-10933
epss 0.79379 https://api.first.org/data/v1/epss?cve=CVE-2018-10933
epss 0.79379 https://api.first.org/data/v1/epss?cve=CVE-2018-10933
epss 0.79577 https://api.first.org/data/v1/epss?cve=CVE-2018-10933
epss 0.79577 https://api.first.org/data/v1/epss?cve=CVE-2018-10933
epss 0.80698 https://api.first.org/data/v1/epss?cve=CVE-2018-10933
epss 0.8088 https://api.first.org/data/v1/epss?cve=CVE-2018-10933
cvssv3 9.8 https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
cvssv2 6.4 https://nvd.nist.gov/vuln/detail/CVE-2018-10933
cvssv3 9.1 https://nvd.nist.gov/vuln/detail/CVE-2018-10933
archlinux Critical https://security.archlinux.org/AVG-780
Reference id Reference type URL
https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-10933.json
https://api.first.org/data/v1/epss?cve=CVE-2018-10933
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-10933
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-10933
https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
https://lists.debian.org/debian-lts-announce/2018/10/msg00010.html
https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2018-0016
https://www.debian.org/security/2018/dsa-4322
https://www.exploit-db.com/exploits/45638/
https://www.libssh.org/security/advisories/CVE-2018-10933.txt
https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html
http://www.securityfocus.com/bid/105677
1614973 https://bugzilla.redhat.com/show_bug.cgi?id=1614973
911149 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=911149
ASA-201810-10 https://security.archlinux.org/ASA-201810-10
AVG-780 https://security.archlinux.org/AVG-780
cpe:2.3:a:libssh:libssh:*:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:libssh:libssh:*:*:*:*:*:*:*:*
cpe:2.3:a:netapp:oncommand_unified_manager:*:*:*:*:*:vsphere:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:netapp:oncommand_unified_manager:*:*:*:*:*:vsphere:*:*
cpe:2.3:a:netapp:oncommand_unified_manager:*:*:*:*:*:windows:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:netapp:oncommand_unified_manager:*:*:*:*:*:windows:*:*
cpe:2.3:a:netapp:oncommand_workflow_automation:-:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:netapp:oncommand_workflow_automation:-:*:*:*:*:*:*:*
cpe:2.3:a:netapp:snapcenter:-:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:netapp:snapcenter:-:*:*:*:*:*:*:*
cpe:2.3:a:netapp:storage_automation_store:-:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:netapp:storage_automation_store:-:*:*:*:*:*:*:*
cpe:2.3:a:oracle:mysql_workbench:*:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:mysql_workbench:*:*:*:*:*:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:18.10:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:18.10:*:*:*:*:*:*:*
cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*
cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*
CVE-2018-10933 Exploit https://github.com/blacknbunny/libSSH-Authentication-Bypass/blob/5dc55fbf5518f2e11503f08fa84a3640e60c7ec9/libsshauthbypass.py
CVE-2018-10933 Exploit https://github.com/jas502n/CVE-2018-10933/blob/05ee62e7ed7d4cd10e71ea10b28da990e37a24f4/libssh-CVE-2018-10933-jas502n.py
CVE-2018-10933 Exploit https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/linux/remote/45638.py
CVE-2018-10933 Exploit https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/linux/remote/46307.py
CVE-2018-10933 https://nvd.nist.gov/vuln/detail/CVE-2018-10933
USN-3795-1 https://usn.ubuntu.com/3795-1/
USN-3795-2 https://usn.ubuntu.com/3795-2/
Data source Metasploit
Description This module exploits an authentication bypass in libssh server code where a USERAUTH_SUCCESS message is sent in place of the expected USERAUTH_REQUEST message. libssh versions 0.6.0 through 0.7.5 and 0.8.0 through 0.8.3 are vulnerable. Note that this module's success depends on whether the server code can trigger the correct (shell/exec) callbacks despite only the state machine's authenticated state being set. Therefore, you may or may not get a shell if the server requires additional code paths to be followed.
Note 
Reliability:
  - unknown-reliability
Stability:
  - unknown-stability
SideEffects:
  - unknown-side-effects
Ransomware campaign use Unknown
Source publication date Oct. 16, 2018
Source URL https://github.com/rapid7/metasploit-framework/tree/master/modules/auxiliary/scanner/ssh/libssh_auth_bypass.rb
Data source Exploit-DB
Date added Feb. 3, 2019
Description LibSSH 0.7.6 / 0.8.4 - Unauthorized Access
Ransomware campaign use Known
Source publication date Oct. 20, 2018
Exploit type remote
Platform linux
Source update date Feb. 3, 2019
Source URL https://github.com/jas502n/CVE-2018-10933/blob/05ee62e7ed7d4cd10e71ea10b28da990e37a24f4/libssh-CVE-2018-10933-jas502n.py
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N Found at https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-10933.json
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Found at https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:N Found at https://nvd.nist.gov/vuln/detail/CVE-2018-10933
Exploitability (E) Access Vector (AV) Access Complexity (AC) Authentication (Au) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

high

functional

unproven

proof_of_concept

not_defined

local

adjacent_network

network

high

medium

low

multiple

single

none

none

partial

complete

none

partial

complete

none

partial

complete
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N Found at https://nvd.nist.gov/vuln/detail/CVE-2018-10933
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Exploit Prediction Scoring System (EPSS)
Percentile 0.98865
EPSS Score 0.7593
Published At Aug. 16, 2025, 12:55 p.m.
Date Actor Action Source VulnerableCode Version
2025-07-31T08:32:48.111814+00:00 Alpine Linux Importer Import https://secdb.alpinelinux.org/v3.14/community.json 37.0.0