suse · CVE-2018-7750

Quick triage

Priority: high Published: 2021-05-30 14:11:38 UTC Updated: 2026-04-17 15:30:03 UTC

View at Official suse advisory, NVD, CVE.org · CVE detail

Freshness: upstream tracker timestamp is available; use API updated time as primary recency signal.

Tracker summary

CVE-2018-7750 severity important: SUSE including 254 source package names (amazon/suse-sles-15-sp1-chost-byos-v20210304-hvm-ssd-x86_64, amazon/suse-sles-15-sp1-chost-byos-v20220127-hvm-ssd-x86_64, …), 276 product×package rows across 32 product lines (HPE Helion OpenStack 8, Image SLES12-SP5-EC2-BYOS, … (32 product lines)): Known Affected 231, Fixed 28, Known Not Affected 17.

Description:

transport.py in the SSH server implementation of Paramiko before 1.17.6, 1.18.x before 1.18.5, 2.0.x before 2.0.8, 2.1.x before 2.1.5, 2.2.x before 2.2.3, 2.3.x before 2.3.2, and 2.4.x before 2.4.1 does not properly check whether authentication is completed before processing other requests, as demonstrated by channel-open. A customized SSH client can simply skip the authentication step.

cvelogic Threat Intelligence