libssh Authentication Bypass Vulnerability Affecting Cisco Products: October 2018
Rated: CRITICAL
Summary
A vulnerability in libssh could allow an unauthenticated, remote attacker to bypass authentication on a targeted system.
The vulnerability is due to improper authentication operations by the server-side state machine of the affected software. An attacker could exploit this vulnerability by presenting an SSH2_MSG_USERAUTH_SUCCESS message to a targeted system. A successful exploit could allow the attacker to bypass authentication and gain unauthorized access to a targeted system.
This advisory will be updated as additional information becomes available.
This advisory is available at the following link:
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20181019-libssh
The list of affected devices is pretty long already.
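The server-side state machine flaw the advisory describes, as an added example that is not part of the original thread and is not libssh's code: a simplified C model of a dispatcher that trusts any peer message, beside one that checks role and authentication state first. The session struct, state names and function names are hypothetical; the message numbers are those of RFC 4252.

```c
#include <stdbool.h>
#include <stdint.h>

/* Message numbers from RFC 4252 (SSH authentication protocol). */
enum { SSH2_MSG_USERAUTH_REQUEST = 50, SSH2_MSG_USERAUTH_FAILURE = 51,
       SSH2_MSG_USERAUTH_SUCCESS = 52, SSH2_MSG_USERAUTH_BANNER  = 53 };

/* Hypothetical, simplified session model; not libssh's real structures. */
enum role { ROLE_CLIENT, ROLE_SERVER };
enum auth_state { AUTH_NONE, AUTH_IN_PROGRESS, AUTH_DONE };
struct session { enum role role; enum auth_state auth; };

/* Flawed pattern: one handler table shared by both roles, so a server
 * also processes messages that only a server is supposed to send. */
static bool dispatch_unfiltered(struct session *s, uint8_t msg)
{
    switch (msg) {
    case SSH2_MSG_USERAUTH_REQUEST: /* credential check itself is not modeled */
        s->auth = AUTH_IN_PROGRESS; return true;
    case SSH2_MSG_USERAUTH_SUCCESS: /* the peer's claim is taken at face value */
        s->auth = AUTH_DONE; return true;
    case SSH2_MSG_USERAUTH_FAILURE:
        s->auth = AUTH_NONE; return true;
    case SSH2_MSG_USERAUTH_BANNER:
        return true;
    default:
        return false;
    }
}

/* Hardened pattern: decide from role and state whether a message may be
 * handled at all, before any handler touches the session. */
static bool message_allowed(const struct session *s, uint8_t msg)
{
    switch (msg) {
    case SSH2_MSG_USERAUTH_REQUEST: /* client-to-server only */
        return s->role == ROLE_SERVER && s->auth != AUTH_DONE;
    case SSH2_MSG_USERAUTH_SUCCESS:
    case SSH2_MSG_USERAUTH_FAILURE:
    case SSH2_MSG_USERAUTH_BANNER:  /* server-to-client only, mid-authentication */
        return s->role == ROLE_CLIENT && s->auth == AUTH_IN_PROGRESS;
    default:
        return false;
    }
}

static bool dispatch_filtered(struct session *s, uint8_t msg)
{
    if (!message_allowed(s, msg)) return false; /* dropped, state unchanged */
    return dispatch_unfiltered(s, msg);
}
```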
Cool. Start up an SSH session and send a success packet, right off the bat. Noice.
LOOOOOOOOOOOOL
I've never allowed any of my devices to be reachable from the internet by any source. Even servers in the cloud. Had an argument recently where one of my team would not budge from his perspective that the VM is secure because SSH is set up for SSH key authentication and no one can hack it. My point was, okay, maybe no one can break the key, but then you're relying on the integrity of the SSH application to protect the VM and the rest of the network/environment. It was one of those arguments where they agree with you, then carry on doing the same anyway.
Since open source and vendors usually go hand in hand these days, I'm keen to understand if this libssh version is implemented elsewhere, such as OpenSSH... ref: https://en.wikibooks.org/wiki/OpenSSH/Development#libssh
Everything on the Pending investigation list has been moved to not vulnerable, except for Cisco Content Security Management Appliance (SMA) and Cisco Cloud Object Storage.
Quote from: srg on October 30, 2018, 01:03:05 AM
Everything on the Pending investigation list has been moved to not vulnerable, except for Cisco Content Security Management Appliance (SMA) and Cisco Cloud Object Storage.
This is good news, indeed.
And, regarding SSH exposed to the Internet, this is exactly the kind of thing that having an internal SSH gateway can resolve. Vendors connect to a web server front end that then offers up an SSH portal to those who authenticate properly. No need to open up the switch in that segmented network to SSH from outside the company.