CVE-2018-10933 : A vulnerability was found in libssh's server-side state machine before versions

A vulnerability was found in libssh's server-side state machine before versions 0.7.6 and 0.8.4. A malicious client could create channels without first performing authentication, resulting in unauthorized access.

Published 2018-10-17 12:29:01

Updated 2019-10-09 23:33:16

Source Red Hat, Inc.

View at NVD, CVE.org

Vulnerability category: BypassGain privilege

Products affected by CVE-2018-10933

Debian » Debian Linux » Version: 8.0
cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*
Matching versions
Debian » Debian Linux » Version: 9.0
cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*
Matching versions
Redhat » Enterprise Linux » Version: 7.0
cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*
Matching versions
Oracle » Mysql Workbench
Versions up to, including, (<=) 8.0.13
cpe:2.3:a:oracle:mysql_workbench:*:*:*:*:*:*:*:*
Matching versions
Canonical » Ubuntu Linux » Version: 14.04 LTS Edition
cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*
Matching versions
Canonical » Ubuntu Linux » Version: 16.04 LTS Edition
cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*
Matching versions
Canonical » Ubuntu Linux » Version: 18.04 LTS Edition
cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*
Matching versions
Canonical » Ubuntu Linux » Version: 18.10
cpe:2.3:o:canonical:ubuntu_linux:18.10:*:*:*:*:*:*:*
Matching versions
Netapp » Oncommand Workflow Automation » Version: N/A
cpe:2.3:a:netapp:oncommand_workflow_automation:-:*:*:*:*:*:*:*
Matching versions
Netapp » Oncommand Unified Manager » For Windows
Versions from including (>=) 7.3
cpe:2.3:a:netapp:oncommand_unified_manager:*:*:*:*:*:windows:*:*
Matching versions
Netapp » Oncommand Unified Manager » For Vsphere
Versions from including (>=) 9.4
cpe:2.3:a:netapp:oncommand_unified_manager:*:*:*:*:*:vsphere:*:*
Matching versions
Netapp » Storage Automation Store » Version: N/A
cpe:2.3:a:netapp:storage_automation_store:-:*:*:*:*:*:*:*
Matching versions
Netapp » Snapcenter » Version: N/A
cpe:2.3:a:netapp:snapcenter:-:*:*:*:*:*:*:*
Matching versions
Libssh » Libssh
Versions from including (>=) 0.8.0 and before (<) 0.8.4
cpe:2.3:a:libssh:libssh:*:*:*:*:*:*:*:*
Matching versions
Libssh » Libssh
Versions from including (>=) 0.6.0 and before (<) 0.7.6
cpe:2.3:a:libssh:libssh:*:*:*:*:*:*:*:*
Matching versions

Threat overview for CVE-2018-10933

Top countries where our scanners detected CVE-2018-10933

Top open port discovered on systems with this issue 53

IPs affected by CVE-2018-10933 116,443

Threat actors abusing to this issue? Yes

Find out if you^* are affected by CVE-2018-10933!

^*Directly or indirectly through your vendors, service providers and 3rd parties. Powered by attack surface intelligence from SecurityScorecard.

Exploit prediction scoring system (EPSS) score for CVE-2018-10933

EPSS FAQ

79.58%

Probability of exploitation activity in the next 30 days EPSS Score History

~ 99 %

Percentile, the proportion of vulnerabilities that are scored at or less

Metasploit modules for CVE-2018-10933

libssh Authentication Bypass Scanner

Disclosure Date: 2018-10-16

First seen: 2020-04-26

auxiliary/scanner/ssh/libssh_auth_bypass

This module exploits an authentication bypass in libssh server code where a USERAUTH_SUCCESS message is sent in place of the expected USERAUTH_REQUEST message. libssh versions 0.6.0 through 0.7.5 and 0.8.0 through 0.8.3 are vulnerable. Note that this module'

More information

CVSS scores for CVE-2018-10933

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source
6.4	MEDIUM	AV:N/AC:L/Au:N/C:P/I:P/A:N	10.0	4.9	NIST
Access Vector: Network Access Complexity: Low Authentication: None Confidentiality Impact: Partial Integrity Impact: Partial Availability Impact: None
9.1	CRITICAL	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N	3.9	5.2	NIST
Attack Vector: Network Attack Complexity: Low Privileges Required: None User Interaction: None Scope: Unchanged Confidentiality: High Integrity: High Availability: None
9.1	CRITICAL	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N	3.9	5.2	Red Hat, Inc.
Attack Vector: Network Attack Complexity: Low Privileges Required: None User Interaction: None Scope: Unchanged Confidentiality: High Integrity: High Availability: None

CWE ids for CVE-2018-10933

CWE-287 Improper Authentication

When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct.

Assigned by: nvd@nist.gov (Primary)
CWE-592

Assigned by: secalert@redhat.com (Secondary)

References for CVE-2018-10933

https://security.netapp.com/advisory/ntap-20190118-0002/

January 2019 MySQL Vulnerabilities in NetApp Products | NetApp Product Security
Third Party Advisory

CVEs referencing this url
https://lists.debian.org/debian-lts-announce/2018/10/msg00010.html

[SECURITY] [DLA 1548-1] libssh security update
Mailing List;Third Party Advisory
https://usn.ubuntu.com/3795-2/

USN-3795-2: libssh vulnerability | Ubuntu security notices
Third Party Advisory
https://www.libssh.org/security/advisories/CVE-2018-10933.txt

Vendor Advisory
https://www.exploit-db.com/exploits/45638/

libSSH - Authentication Bypass
Exploit;Third Party Advisory;VDB Entry
https://usn.ubuntu.com/3795-1/

USN-3795-1: libssh vulnerability | Ubuntu security notices
Third Party Advisory
https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html

Oracle Critical Patch Update - January 2019
Patch;Third Party Advisory

CVEs referencing this url
https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2018-0016

SonicWall Security Advisory
Third Party Advisory
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-10933

1614973 – (CVE-2018-10933) CVE-2018-10933 libssh: Authentication Bypass due to improper message callbacks implementation
Issue Tracking;Third Party Advisory
http://www.securityfocus.com/bid/105677

Libssh CVE-2018-10933 Authentication Bypass Vulnerability
Third Party Advisory;VDB Entry
https://www.debian.org/security/2018/dsa-4322

Debian -- Security Information -- DSA-4322-1 libssh
Third Party Advisory

Jump to

Vulnerability Details : CVE-2018-10933