CVE-2018-10933

CRITICAL

9.1

CVSS Severity Score

EPSS Score0.1790%

EPSS Percentile41.44th

Published2018年10月17日

Last Modified2024年11月21日

Vulnerability Description

A vulnerability was found in libssh's server-side state machine before versions 0.7.6 and 0.8.4. A malicious client could create channels without first performing authentication, resulting in unauthorized access.

Affected Platforms (CPE)

📦

Libssh

>= 0.6.0 and < 0.7.6

📦

Libssh

>= 0.8.0 and < 0.8.4

💻

Canonical

Ubuntu Linux

= 14.04

💻

Canonical

Ubuntu Linux

= 16.04

💻

Canonical

Ubuntu Linux

= 18.04

💻

Canonical

Ubuntu Linux

= 18.10

💻

Debian

Debian Linux

= 8.0

💻

Debian

Debian Linux

= 9.0

💻

Redhat

Enterprise Linux

= 7.0

📦

Netapp

Oncommand Unified Manager

>= 7.3

📦

Netapp

Oncommand Unified Manager

>= 9.4

📦

Netapp

Oncommand Workflow Automation

All versions

📦

Netapp

Snapcenter

All versions

📦

Netapp

Storage Automation Store

All versions

📦

Oracle

Mysql Workbench

<= 8.0.13

References & Advisories

🔗 http://www.securityfocus.com/bid/105677

🔗 https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-10933

🔗 https://lists.debian.org/debian-lts-announce/2018/10/msg00010.html

🔗 https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2018-0016

🔗 https://security.netapp.com/advisory/ntap-20190118-0002/

🔗 https://usn.ubuntu.com/3795-1/

🔗 https://usn.ubuntu.com/3795-2/

🔗 https://www.debian.org/security/2018/dsa-4322

Vulnerability Description

Affected Platforms (CPE)

Libssh

Libssh

Ubuntu Linux

Ubuntu Linux

Ubuntu Linux

Ubuntu Linux

Debian Linux

Debian Linux

Enterprise Linux

Oncommand Unified Manager

Oncommand Unified Manager

Oncommand Workflow Automation

Snapcenter

Storage Automation Store

Mysql Workbench

References & Advisories

相關漏洞威脅