CVE-2017-18443

cPanel before 64.0.21 allows demo and suspended accounts to use SSH port forwarding (SEC-247).
Source: NIST
CVE-2017-18443