CVE-2018-10933

A vulnerability was found in libssh's server-side state machine before versions 0.7.6 and 0.8.4. A malicious client could create channels…

redhat·CWE-592·Published 2018-10-17

CVSS

—

EPSS

0.92

KEV

Exploits

Vendor statements (3)

cve.orgen

212 chars

A vulnerability was found in libssh's server-side state machine before versions 0.7.6 and 0.8.4. A malicious client could create channels without first performing authentication, resulting in unauthorized access.

NVDes

256 chars

Se ha detectado una vulnerabilidad en la máquina de estado del lado del servidor de libssh en versiones anteriores a la 0.7.6 y 0.8.4. Un cliente malicioso podría crear canales sin realizar antes la autenticación, lo que resulta en un acceso no autorizado.

CVSS metrics across sources

Version	Type	Source	Base	Exp	Impact	Vector
2.0	Primary	NVD	6.4	10.0	4.9	AV:N/AC:L/Au:N/C:P/I:P/A:N
3.0	Primary	cve.org	9.1	—	—	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
3.0	Primary	cve.org	9.1	—	—	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
3.0	Primary	NVD	9.1	3.9	5.2	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
3.0	Secondary	NVD	9.1	3.9	5.2	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N