...and there goes everything else Cisco....

Started by icecream-guy, October 22, 2018, 06:22:27 AM

icecream-guy

libssh Authentication Bypass Vulnerability Affecting Cisco Products: October 2018

Rated: CRITICAL

Summary

    A vulnerability in libssh could allow an unauthenticated, remote attacker to bypass authentication on a targeted system.

    The vulnerability is due to improper authentication operations by the server-side state machine of the affected software. An attacker could exploit this vulnerability by presenting a SSH2_MSG_USERAUTH_SUCCESS message to a targeted system. A successful exploit could allow the attacker to bypass authentication and gain unauthorized access to a targeted system.

    This advisory will be updated as additional information becomes available.

    This advisory is available at the following link:
    https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20181019-libssh

:professorcat:

My Moral Fibers have been cut.
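Added example, not part of the original thread, Cisco's advisory or libssh's code: a simplified C model of the class of flaw the advisory describes, where a server-side state machine accepts a client-sent SSH2_MSG_USERAUTH_SUCCESS, next to a role-and-state filter that fails closed. All type and function names, the sharing of handlers between roles and the sample secret are assumptions made for illustration; only the message numbers come from RFC 4252.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>
/* SSH user-authentication message numbers (RFC 4252). */
enum { MSG_USERAUTH_REQUEST = 50, MSG_USERAUTH_FAILURE = 51, MSG_USERAUTH_SUCCESS = 52 };

/* Hypothetical session model; every name below is illustrative. */
typedef enum { ROLE_CLIENT, ROLE_SERVER } role_t;
typedef enum { AUTH_PENDING, AUTH_DONE, AUTH_ABORTED } auth_state_t;
typedef struct { role_t role; auth_state_t auth; } session_t;
typedef void (*dispatch_fn)(session_t *, uint8_t, const char *);
/* Constructed stand-in for real credential verification. */
static bool credentials_ok(const char *secret) {
    return secret != NULL && strcmp(secret, "constructed-secret") == 0;
}

/* Flawed: handlers are shared by both roles, so a server runs the client-side SUCCESS handler. */
void dispatch_shared(session_t *s, uint8_t type, const char *secret) {
    switch (type) {
    case MSG_USERAUTH_REQUEST: if (credentials_ok(secret)) s->auth = AUTH_DONE; break;
    case MSG_USERAUTH_SUCCESS: s->auth = AUTH_DONE; break;
    }
}

/* Hardened: decide from role and state whether a message is legal at all. */
bool msg_allowed(const session_t *s, uint8_t type) {
    if (s->auth != AUTH_PENDING) return false;
    if (type == MSG_USERAUTH_REQUEST) return s->role == ROLE_SERVER;
    if (type == MSG_USERAUTH_SUCCESS || type == MSG_USERAUTH_FAILURE) return s->role == ROLE_CLIENT;
    return false;
}
void dispatch_filtered(session_t *s, uint8_t type, const char *secret) {
    if (!msg_allowed(s, type)) { s->auth = AUTH_ABORTED; return; } /* fail closed */
    dispatch_shared(s, type, secret);
}

/* Feed one message to a fresh server-side session and return the resulting state. */
auth_state_t server_after(dispatch_fn d, uint8_t type, const char *secret) {
    session_t s = { ROLE_SERVER, AUTH_PENDING };
    d(&s, type, secret);
    return s.auth;
}

int main(void) {
    printf("shared=%d filtered=%d\n", server_after(dispatch_shared, MSG_USERAUTH_SUCCESS, NULL),
           server_after(dispatch_filtered, MSG_USERAUTH_SUCCESS, NULL));
    return 0;
}
```

The point for anyone auditing a protocol stack: the check on who may send a message, and in which state, has to run before any handler does, and an unexpected message should end the session.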

icecream-guy

The list of affected devices is pretty long already.

deanwebb

Cool. Start up an SSH session and send a success packet, right off the bat. Noice.
Take a baseball bat and trash all the routers, shout out "IT'S A NETWORK PROBLEM NOW, SUCKERS!" and then peel out of the parking lot in your Ferrari.
"The world could perish if people only worked on things that were easy to handle." -- Vladimir Savchenko
Any questions? No questions! | BCEB: Belkin Certified Expert Baffler | "Plan B is Plan A with an element of panic." -- John Clarke
Accounting is architecture, remember that!
Air gaps are high-latency Internet connections.

Dieselboy

LOOOOOOOOOOOOL

I've never allowed any of my devices to be reachable from the internet by any source. Even servers in the cloud. Had an argument recently where one of my team would not budge from his perspective that the VM is secure because SSH is set up for SSH key authentication and no one can hack it. My point was, okay, maybe no one can break the key but then you're relying on the integrity of the SSH application to protect the VM and the rest of the network/environment. It was one of those arguments where they agree with you, then carry on doing the same anyway.

Since open source and vendors usually go hand in hand these days, I'm keen to understand if this libssh version is implemented elsewhere such as openssh... ref: https://en.wikibooks.org/wiki/OpenSSH/Development#libssh

srg

Everything on the Pending investigation list has been moved to not vulnerable, except for Cisco Content Security Management Appliance (SMA) and Cisco Cloud Object Storage.
as if the mind had gone dark forever.

deanwebb

Quote from: srg on October 30, 2018, 01:03:05 AM
Everything on the Pending investigation list has been moved to not vulnerable, except for Cisco Content Security Management Appliance (SMA) and Cisco Cloud Object Storage.

This is good news, indeed.

And, regarding SSH exposed to the Internet, this is exactly the kind of thing that having an internal SSH gateway can resolve. Vendors connect to a web server front end that then offers up an SSH portal to those who authenticate properly. No need to open up the switch in that segmented network to SSH from outside the company.