...and there goes everything else Cisco....

Started by icecream-guy, October 22, 2018, 06:22:27 AM

Previous topic - Next topic
Print
Go Down Pages1
User actions

icecream-guy

October 22, 2018, 06:22:27 AM Last Edit: October 22, 2018, 06:24:34 AM by ristau5741
libssh Authentication Bypass Vulnerability Affecting Cisco Products: October 2018

Rated: CRITICAL

Summary

    A vulnerability in libssh could allow an unauthenticated, remote attacker to bypass authentication on a targeted system.

    The vulnerability is due to improper authentication operations by the server-side state machine of the affected software. An attacker could exploit this vulnerability by presenting a SSH2_MSG_USERAUTH_SUCCESS message to a targeted system. A successful exploit could allow the attacker to bypass authentication and gain unauthorized access to a targeted system.

    This advisory will be updated as additional information becomes available.

    This advisory is available at the following link:
    https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20181019-libssh

:professorcat:

My Moral Fibers have been cut.

icecream-guy

#1
October 22, 2018, 06:23:27 AM
The list of affected devices is pretty long already.
:professorcat:

My Moral Fibers have been cut.

deanwebb

#2
October 22, 2018, 07:22:02 AM
Cool. Start up an SSH session and send a success packet, right off the bat. Noice.
Take a baseball bat and trash all the routers, shout out "IT'S A NETWORK PROBLEM NOW, SUCKERS!" and then peel out of the parking lot in your Ferrari.
"The world could perish if people only worked on things that were easy to handle." -- Vladimir Savchenko
Вопросы есть? Вопросов нет! | BCEB: Belkin Certified Expert Baffler | "Plan B is Plan A with an element of panic." -- John Clarke
Accounting is architecture, remember that!
Air gaps are high-latency Internet connections.

Dieselboy

#3
October 28, 2018, 08:45:19 PM
LOOOOOOOOOOOOL

I've never allowed any of my devices to be reachable from the internet by any source. Even servers in the cloud. Had an argument recently where one of my team would not budge from his perspective that the VM is secure because SSH is set up for SSH key authentication and no one can hack it. My point was, okay may be no one can break the key but then you're relying on the integrity of the SSH application to protect the VM and the rest of the network/environment. It was one of those arguments where they agree with you, then carry on doing the same anyway.

Since open source and vendors usually go hand in hand these days, I'm keen to understand if this libssh version is implemented elsewhere such as openssh... ref: https://en.wikibooks.org/wiki/OpenSSH/Development#libssh

srg

#4
October 30, 2018, 01:03:05 AM
Everything on the Pending investigation list has been moved to not vulnerable, except for Cisco Content Security Management Appliance (SMA) and Cisco Cloud Object Storage.
som om sinnet hade svartnat för evigt.

deanwebb

#5
November 05, 2018, 04:18:41 PM
Quote from: srg on October 30, 2018, 01:03:05 AM
Everything on the Pending investigation list has been moved to not vulnerable, except for Cisco Content Security Management Appliance (SMA) and Cisco Cloud Object Storage.

This is good news, indeed.

And, regarding SSH exposed to the Internet, this is exactly the kind of thing that having an internal SSH gateway can resolve. Vendors connect to a web server front end that then offers up an SSH portal to those who authenticate properly. No need to open up the switch in that segmented network to SSH from outside the company.
Take a baseball bat and trash all the routers, shout out "IT'S A NETWORK PROBLEM NOW, SUCKERS!" and then peel out of the parking lot in your Ferrari.
"The world could perish if people only worked on things that were easy to handle." -- Vladimir Savchenko
Вопросы есть? Вопросов нет! | BCEB: Belkin Certified Expert Baffler | "Plan B is Plan A with an element of panic." -- John Clarke
Accounting is architecture, remember that!
Air gaps are high-latency Internet connections.
Print
Go Up Pages1
User actions