Paramiko version 2.4.1, 2.3.2, 2.2.3, 2.1.5, 2.0.8, 1.18.5, 1.17.6 contains a Incorrect Access Control vulnerability in SSH server that can result in RCE. This attack appear to be exploitable via network connectivity.
https://usn.ubuntu.com/3796-3/
https://usn.ubuntu.com/3796-2/
https://usn.ubuntu.com/3796-1/
https://lists.debian.org/debian-lts-announce/2021/12/msg00025.html
https://lists.debian.org/debian-lts-announce/2018/10/msg00018.html
https://herolab.usd.de/wp-content/uploads/sites/4/usd20180023.txt
https://github.com/paramiko/paramiko/issues/1283
https://access.redhat.com/errata/RHSA-2018:3505
https://access.redhat.com/errata/RHSA-2018:3406
Published: 2018-10-08
Updated: 2024-11-21
Base Score: 6.5
Vector: CVSS2#AV:N/AC:L/Au:S/C:P/I:P/A:P
Severity: Medium
Base Score: 8.8
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Severity: High
Base Score: 8.7
Vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
Severity: High