VMware Response to security vulnerability in libssh, CVE-2018-10933

Article ID: 328923

Updated On:

Products

VMware vCenter Server

Issue/Introduction

CVE-2018-10933 was found in libssh's server-side state machine.

libssh versions 0.6 and above have an authentication bypass vulnerability in the server code.
By presenting the server with an SSH2_MSG_USERAUTH_SUCCESS message in place of the SSH2_MSG_USERAUTH_REQUEST message
that the server would expect to initiate authentication, an attacker could successfully authenticate without
any credentials.
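
The state-machine flaw described above can be modelled as a dispatcher that runs a message handler without checking whether that message is valid for the server role. The following is an added example, not libssh or VMware code: the `session` structure, handler names, shared-handler design and the constructed password are assumptions made for illustration; only the message numbers (from RFC 4252) are real.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Message numbers from RFC 4252. */
#define SSH2_MSG_USERAUTH_REQUEST 50
#define SSH2_MSG_USERAUTH_SUCCESS 52

/* Hypothetical simplified session; not libssh's real structures. */
struct session { bool is_server; bool authenticated; };

/* Constructed credential check standing in for a real auth backend. */
static bool check_password(const char *pw) {
    return pw != NULL && strcmp(pw, "constructed-secret") == 0;
}

/* Assumed design: one handler set shared by the client and server roles. */
static void on_userauth_request(struct session *s, const char *pw) {
    s->authenticated = check_password(pw);
}
static void on_userauth_success(struct session *s) {
    s->authenticated = true; /* meaningful only when a client hears its server */
}

/* Flawed dispatch: runs the matching handler without checking the role. */
static void dispatch_unfiltered(struct session *s, uint8_t type, const char *pw) {
    if (type == SSH2_MSG_USERAUTH_REQUEST) on_userauth_request(s, pw);
    else if (type == SSH2_MSG_USERAUTH_SUCCESS) on_userauth_success(s);
}

/* Hardened dispatch: drop messages that are invalid for this role. */
static bool dispatch_filtered(struct session *s, uint8_t type, const char *pw) {
    if (s->is_server && type == SSH2_MSG_USERAUTH_SUCCESS) return false;
    if (!s->is_server && type == SSH2_MSG_USERAUTH_REQUEST) return false;
    dispatch_unfiltered(s, type, pw);
    return true;
}

/* Feed one incoming message to a fresh server session; report auth state. */
static bool server_authenticated_after(uint8_t type, const char *pw, bool filtered) {
    struct session s = { .is_server = true, .authenticated = false };
    if (filtered) dispatch_filtered(&s, type, pw);
    else dispatch_unfiltered(&s, type, pw);
    return s.authenticated;
}

int main(void) {
    printf("unfiltered: %d\n", server_authenticated_after(SSH2_MSG_USERAUTH_SUCCESS, NULL, false));
    printf("filtered:   %d\n", server_authenticated_after(SSH2_MSG_USERAUTH_SUCCESS, NULL, true));
    return 0;
}
```

The defensive point is that authentication state should only change through handlers that are permitted for the session's role and current state, which is why a per-message filter in front of the dispatcher closes this class of bug.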


Symptoms:
CVE-2018-10933 vulnerability

Resolution

VMware Security Response have reviewed the VMware open source inventory and have found that libssh is not used in any of VMware's products or services.
CVE-2018-10933 is not relevant to VMware's products and services.

Additional Information

Impact/Risks:
No impact