OpenSSH through 7.7 is prone to a user enumeration vulnerability due to not delaying bailout for an invalid authenticating user until after the packet containing the request has been fully parsed, related to auth2-gss.c, auth2-hostbased.c, and auth2-pubkey.c.

Metrics

No CVSS v4.0

Attack Vector Network

Attack Complexity High

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact None

Availability Impact None

User Interaction None

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact Low

Integrity Impact None

Availability Impact None

User Interaction None

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact None

Availability Impact None

This CVE is not in the KEV list.

The EPSS score is 0.89957.

Exploitation poc

Automatable no

Technical Impact partial

Affected Vendors & Products

Vendors Products
Canonical Subscribe
Ubuntu Linux Subscribe
Debian Subscribe
Debian Linux Subscribe
Netapp Subscribe
Aff Baseboard Management Controller Subscribe
Cloud Backup Subscribe
Clustered Data Ontap Subscribe
Cn1610 Subscribe
Cn1610 Firmware Subscribe
Data Ontap Subscribe
Data Ontap Edge Subscribe
Fas Baseboard Management Controller Subscribe
Oncommand Unified Manager Subscribe
Ontap Select Deploy Subscribe
Service Processor Subscribe
Steelstore Cloud Integrated Storage Subscribe
Storage Replication Adapter Subscribe
Vasa Provider Subscribe
Virtual Storage Console Subscribe
Openbsd Subscribe
Openssh Subscribe
Oracle Subscribe
Sun Zfs Storage Appliance Kit Subscribe
Redhat Subscribe
Enterprise Linux Subscribe
Enterprise Linux Desktop Subscribe
Enterprise Linux Server Subscribe
Enterprise Linux Workstation Subscribe
Siemens Subscribe
Scalance X204rna Subscribe
Scalance X204rna Firmware Subscribe

Configuration 1 [-]

cpe:2.3:a:openbsd:openssh:*:*:*:*:*:*:*:*

Configuration 2 [-]

OR cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*
cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*

Configuration 3 [-]

OR cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*

Configuration 4 [-]

OR cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*

Configuration 5 [-]

AND
cpe:2.3:o:netapp:cn1610_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:netapp:cn1610:-:*:*:*:*:*:*:*

Configuration 6 [-]

OR cpe:2.3:a:netapp:aff_baseboard_management_controller:-:*:*:*:*:*:*:*
cpe:2.3:a:netapp:cloud_backup:-:*:*:*:*:*:*:*
cpe:2.3:a:netapp:data_ontap_edge:-:*:*:*:*:*:*:*
cpe:2.3:a:netapp:fas_baseboard_management_controller:-:*:*:*:*:*:*:*
cpe:2.3:a:netapp:oncommand_unified_manager:*:*:*:*:*:vsphere:*:*
cpe:2.3:a:netapp:ontap_select_deploy:-:*:*:*:*:*:*:*
cpe:2.3:a:netapp:service_processor:-:*:*:*:*:*:*:*
cpe:2.3:a:netapp:steelstore_cloud_integrated_storage:-:*:*:*:*:*:*:*
cpe:2.3:a:netapp:virtual_storage_console:*:*:*:*:*:vsphere:*:*
cpe:2.3:o:netapp:clustered_data_ontap:-:*:*:*:*:*:*:*
cpe:2.3:o:netapp:data_ontap:-:*:*:*:*:7-mode:*:*

Configuration 7 [-]

AND
cpe:2.3:a:netapp:vasa_provider:*:*:*:*:*:*:*:*
cpe:2.3:o:netapp:clustered_data_ontap:-:*:*:*:*:*:*:*

Configuration 8 [-]

AND
cpe:2.3:a:netapp:storage_replication_adapter:*:*:*:*:*:vsphere:*:*
cpe:2.3:o:netapp:clustered_data_ontap:-:*:*:*:*:*:*:*

Configuration 9 [-]

cpe:2.3:a:oracle:sun_zfs_storage_appliance_kit:8.8.6:*:*:*:*:*:*:*

Configuration 10 [-]

AND
cpe:2.3:o:siemens:scalance_x204rna_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:siemens:scalance_x204rna:-:*:*:*:*:*:*:*
Package CPE Advisory Released Date
Red Hat Enterprise Linux 6
openssh-0:5.3p1-124.el6_10 cpe:/o:redhat:enterprise_linux:6 RHSA-2019:0711 2019-04-09T00:00:00Z
Red Hat Enterprise Linux 7
openssh-0:7.4p1-21.el7 cpe:/o:redhat:enterprise_linux:7 RHSA-2019:2143 2019-08-06T00:00:00Z

No data.

Advisories
Source ID Title
Debian DLA Debian DLA DLA-1474-1 openssh security update
Debian DLA Debian DLA DLA-1476-1 dropbear security update
Debian DSA Debian DSA DSA-4280-1 openssh security update
Ubuntu USN Ubuntu USN USN-3809-1 OpenSSH vulnerabilities
Fixes

Solution

No solution given by the vendor.

Workaround

No workaround given by the vendor.

References
Link Providers
http://www.openwall.com/lists/oss-security/2018/08/15/5 cve-icon cve-icon
http://www.securityfocus.com/bid/105140 cve-icon cve-icon
http://www.securitytracker.com/id/1041487 cve-icon cve-icon
https://access.redhat.com/errata/RHSA-2019:0711 cve-icon cve-icon
https://access.redhat.com/errata/RHSA-2019:2143 cve-icon cve-icon
https://bugs.debian.org/906236 cve-icon cve-icon
https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf cve-icon cve-icon
https://github.com/openbsd/src/commit/779974d35b4859c07bc3cb8a12c74b43b0a7d1e0 cve-icon cve-icon
https://lists.debian.org/debian-lts-announce/2018/08/msg00022.html cve-icon cve-icon
https://nvd.nist.gov/vuln/detail/CVE-2018-15473 cve-icon
https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2018-0011 cve-icon cve-icon
https://security.gentoo.org/glsa/201810-03 cve-icon cve-icon
https://security.netapp.com/advisory/ntap-20181101-0001/ cve-icon cve-icon
https://usn.ubuntu.com/3809-1/ cve-icon cve-icon
https://www.cve.org/CVERecord?id=CVE-2018-15473 cve-icon
https://www.debian.org/security/2018/dsa-4280 cve-icon cve-icon
https://www.exploit-db.com/exploits/45210/ cve-icon cve-icon
https://www.exploit-db.com/exploits/45233/ cve-icon cve-icon
https://www.exploit-db.com/exploits/45939/ cve-icon cve-icon
https://www.oracle.com/security-alerts/cpujan2020.html cve-icon cve-icon
History

Wed, 17 Dec 2025 22:15:00 +0000

Type Values Removed Values Added
Metrics cvssV3_1

{'score': 5.3, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N'}

 ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'poc', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

cvssV3_1

{'score': 5.9, 'vector': 'CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N'}

Projects

Sign in to view the affected projects.

cve-icon MITRE

Status: PUBLISHED

Assigner: mitre

Published:

Updated: 2025-12-17T21:22:47.283Z

Reserved: 2018-08-17T00:00:00.000Z

Link: CVE-2018-15473

cve-icon Vulnrichment

Updated: 2024-08-05T09:54:03.508Z

cve-icon NVD

Status : Modified

Published: 2018-08-17T19:29:00.223

Modified: 2025-12-17T22:15:54.557

Link: CVE-2018-15473

cve-icon Redhat

Severity : Low

Publid Date: 2018-08-16T00:00:00Z

Links: CVE-2018-15473 - Bugzilla

cve-icon OpenCVE Enrichment

No data.

Weaknesses