CVE-2018-7749

NONE EPSS 75.5%
Published Mar 12, 20188y ago · Modified Jun 17, 20262w ago
Find Similar
Published Mar 12, 2018 8y ago
Last Modified Jun 17, 2026 2w ago

Description

The SSH server implementation of AsyncSSH before 1.12.1 does not properly check whether authentication is completed before processing other requests. A customized SSH client can simply skip the authentication step.

Threat Intelligence

EPSS Exploit Probability
75.5% percentile
Exploit & Patch Status
No Known Exploit
No Patch Available

Weaknesses 1

CWE-287 Improper Authentication Authentication

Affected Products 1

VendorProductVersionRange
asyncssh_projectasyncssh* <1.12.1

References 2

  • github.com https://github.com/ronf/asyncssh/commit/c161e26cdc0d41b745b63d9f17b437f073bf7ba4
    Third Party Advisory
  • groups.google.com https://groups.google.com/forum/#%21msg/asyncssh-announce/57_5O7kiHSA/8BXZ_hxHAQAJ

Remediation

No remediation data recorded yet

Check vendor advisories and the NVD entry for patch availability.