CVE-2018-10933

CRITICAL

9.1

CVSS Severity Score

EPSS Score0.1790%

EPSS Percentile41.44th

PublishedOct 17, 2018

Last ModifiedNov 21, 2024

Vulnerability Description

A vulnerability was found in libssh's server-side state machine before versions 0.7.6 and 0.8.4. A malicious client could create channels without first performing authentication, resulting in unauthorized access.

Affected Platforms (CPE)

📦

Libssh

>= 0.6.0 and < 0.7.6

📦

Libssh

>= 0.8.0 and < 0.8.4

💻

Canonical

Ubuntu Linux

= 14.04

💻

Canonical

Ubuntu Linux

= 16.04

💻

Canonical

Ubuntu Linux

= 18.04

💻

Canonical

Ubuntu Linux

= 18.10

💻

Debian

Debian Linux

= 8.0

💻

Debian

Debian Linux

= 9.0

💻

Redhat

Enterprise Linux

= 7.0

📦

Netapp

Oncommand Unified Manager

>= 7.3

📦

Netapp

Oncommand Unified Manager

>= 9.4

📦

Netapp

Oncommand Workflow Automation

All versions

📦

Netapp

Snapcenter

All versions

📦

Netapp

Storage Automation Store

All versions

📦

Oracle

Mysql Workbench

<= 8.0.13

References & Advisories

🔗 http://www.securityfocus.com/bid/105677

🔗 https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-10933

🔗 https://lists.debian.org/debian-lts-announce/2018/10/msg00010.html

🔗 https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2018-0016

🔗 https://security.netapp.com/advisory/ntap-20190118-0002/

🔗 https://usn.ubuntu.com/3795-1/

🔗 https://usn.ubuntu.com/3795-2/

🔗 https://www.debian.org/security/2018/dsa-4322

Vulnerability Description

Affected Platforms (CPE)

Libssh

Libssh

Ubuntu Linux

Ubuntu Linux

Ubuntu Linux

Ubuntu Linux

Debian Linux

Debian Linux

Enterprise Linux

Oncommand Unified Manager

Oncommand Unified Manager

Oncommand Workflow Automation

Snapcenter

Storage Automation Store

Mysql Workbench

References & Advisories

Related Vulnerabilities