High severity8.8NVD Advisory· Published Oct 8, 2018· Updated Jun 17, 2026
CVE-2018-1000805
CVE-2018-1000805
Description
Paramiko version 2.4.1, 2.3.2, 2.2.3, 2.1.5, 2.0.8, 1.18.5, 1.17.6 contains a Incorrect Access Control vulnerability in SSH server that can result in RCE. This attack appear to be exploitable via network connectivity.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
paramikoPyPI | >= 2.4.0, < 2.4.2 | 2.4.2 |
paramikoPyPI | >= 2.3.0, < 2.3.3 | 2.3.3 |
paramikoPyPI | >= 2.2.0, < 2.2.4 | 2.2.4 |
paramikoPyPI | >= 2.1.0, < 2.1.6 | 2.1.6 |
paramikoPyPI | >= 1.5.1, < 2.0.9 | 2.0.9 |
Affected products
35- ghsa-coords35 versionspkg:pypi/paramikopkg:rpm/opensuse/python-paramiko&distro=openSUSE%20Leap%2015.3pkg:rpm/opensuse/python-paramiko&distro=openSUSE%20Leap%2015.4pkg:rpm/opensuse/python-paramiko&distro=openSUSE%20Tumbleweedpkg:rpm/suse/python-amqp&distro=SUSE%20OpenStack%20Cloud%207pkg:rpm/suse/python-oslo.messaging&distro=SUSE%20OpenStack%20Cloud%207pkg:rpm/suse/python-ovs&distro=SUSE%20OpenStack%20Cloud%207pkg:rpm/suse/python-paramiko&distro=HPE%20Helion%20OpenStack%208pkg:rpm/suse/python-paramiko&distro=SUSE%20Enterprise%20Storage%204pkg:rpm/suse/python-paramiko&distro=SUSE%20Enterprise%20Storage%205pkg:rpm/suse/python-paramiko&distro=SUSE%20Enterprise%20Storage%206pkg:rpm/suse/python-paramiko&distro=SUSE%20Enterprise%20Storage%207pkg:rpm/suse/python-paramiko&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP1-ESPOSpkg:rpm/suse/python-paramiko&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP1-LTSSpkg:rpm/suse/python-paramiko&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP2-ESPOSpkg:rpm/suse/python-paramiko&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP2-LTSSpkg:rpm/suse/python-paramiko&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Basesystem%2015pkg:rpm/suse/python-paramiko&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Basesystem%2015%20SP3pkg:rpm/suse/python-paramiko&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Basesystem%2015%20SP4pkg:rpm/suse/python-paramiko&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Public%20Cloud%2012pkg:rpm/suse/python-paramiko&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Public%20Cloud%2015pkg:rpm/suse/python-paramiko&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Python%202%2015%20SP3pkg:rpm/suse/python-paramiko&distro=SUSE%20Linux%20Enterprise%20Server%2015%20SP1-BCLpkg:rpm/suse/python-paramiko&distro=SUSE%20Linux%20Enterprise%20Server%2015%20SP1-LTSSpkg:rpm/suse/python-paramiko&distro=SUSE%20Linux%20Enterprise%20Server%2015%20SP2-BCLpkg:rpm/suse/python-paramiko&distro=SUSE%20Linux%20Enterprise%20Server%2015%20SP2-LTSSpkg:rpm/suse/python-paramiko&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2015%20SP1pkg:rpm/suse/python-paramiko&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2015%20SP2pkg:rpm/suse/python-paramiko&distro=SUSE%20Manager%20Proxy%204.1pkg:rpm/suse/python-paramiko&distro=SUSE%20Manager%20Retail%20Branch%20Server%204.1pkg:rpm/suse/python-paramiko&distro=SUSE%20Manager%20Server%204.1pkg:rpm/suse/python-paramiko&distro=SUSE%20OpenStack%20Cloud%207pkg:rpm/suse/python-paramiko&distro=SUSE%20OpenStack%20Cloud%208pkg:rpm/suse/python-paramiko&distro=SUSE%20OpenStack%20Cloud%20Crowbar%208pkg:rpm/suse/python-psql2mysql&distro=SUSE%20OpenStack%20Cloud%207
>= 2.4.0, < 2.4.2+ 34 more
- (no CPE)range: >= 2.4.0, < 2.4.2
- (no CPE)range: < 2.4.3-150100.6.15.1
- (no CPE)range: < 2.4.3-150100.6.15.1
- (no CPE)range: < 2.7.2-3.7
- (no CPE)range: < 1.4.9-3.3.1
- (no CPE)range: < 5.10.2-3.9.1
- (no CPE)range: < 2.5.0-3.3.1
- (no CPE)range: < 2.2.4-4.3.1
- (no CPE)range: < 2.0.9-3.6.1
- (no CPE)range: < 2.0.9-3.6.1
- (no CPE)range: < 2.4.3-150100.6.15.1
- (no CPE)range: < 2.4.3-150100.6.15.1
- (no CPE)range: < 2.4.3-150100.6.15.1
- (no CPE)range: < 2.4.3-150100.6.15.1
- (no CPE)range: < 2.4.3-150100.6.15.1
- (no CPE)range: < 2.4.3-150100.6.15.1
- (no CPE)range: < 2.4.2-3.3.2
- (no CPE)range: < 2.4.3-150100.6.15.1
- (no CPE)range: < 2.4.3-150100.6.15.1
- (no CPE)range: < 2.1.3-9.6.1
- (no CPE)range: < 2.4.2-3.3.2
- (no CPE)range: < 2.4.3-150100.6.15.1
- (no CPE)range: < 2.4.3-150100.6.15.1
- (no CPE)range: < 2.4.3-150100.6.15.1
- (no CPE)range: < 2.4.3-150100.6.15.1
- (no CPE)range: < 2.4.3-150100.6.15.1
- (no CPE)range: < 2.4.3-150100.6.15.1
- (no CPE)range: < 2.4.3-150100.6.15.1
- (no CPE)range: < 2.4.3-150100.6.15.1
- (no CPE)range: < 2.4.3-150100.6.15.1
- (no CPE)range: < 2.4.3-150100.6.15.1
- (no CPE)range: < 2.0.9-3.6.1
- (no CPE)range: < 2.2.4-4.3.1
- (no CPE)range: < 2.2.4-4.3.1
- (no CPE)range: < 0.5.0+git.1539592188.13e5d0f-1.9.1
Patches
Vulnerability mechanics
References
17- github.com/paramiko/paramiko/issues/1283nvdPatchThird Party AdvisoryWEB
- access.redhat.com/errata/RHBA-2018:3497nvdThird Party AdvisoryWEB
- access.redhat.com/errata/RHSA-2018:3347nvdThird Party AdvisoryWEB
- access.redhat.com/errata/RHSA-2018:3406nvdThird Party AdvisoryWEB
- access.redhat.com/errata/RHSA-2018:3505nvdThird Party AdvisoryWEB
- github.com/advisories/GHSA-f2j6-wrhh-v25mghsaADVISORY
- lists.debian.org/debian-lts-announce/2018/10/msg00018.htmlnvdMailing ListThird Party AdvisoryWEB
- lists.debian.org/debian-lts-announce/2021/12/msg00025.htmlnvdMailing ListThird Party AdvisoryWEB
- nvd.nist.gov/vuln/detail/CVE-2018-1000805ghsaADVISORY
- usn.ubuntu.com/3796-1/nvdThird Party Advisory
- usn.ubuntu.com/3796-2/nvdThird Party Advisory
- usn.ubuntu.com/3796-3/nvdThird Party Advisory
- github.com/pypa/advisory-database/tree/main/vulns/paramiko/PYSEC-2018-69.yamlghsaWEB
- herolab.usd.de/wp-content/uploads/sites/4/usd20180023.txtnvdBroken LinkWEB
- usn.ubuntu.com/3796-1ghsaWEB
- usn.ubuntu.com/3796-2ghsaWEB
- usn.ubuntu.com/3796-3ghsaWEB
News mentions
0No linked articles in our index yet.