Cisco Warns of regreSSHion RCE Impacting Multiple Products
Cisco has issued a security advisory regarding a critical remote code execution (RCE) vulnerability, dubbed “regreSSHion,” that affects multiple products.
The vulnerability, tracked as CVE-2024-6387, was disclosed by the Qualys Threat Research Unit on July 1, 2024. It affects the OpenSSH server (sshd) in glibc-based Linux systems and has the potential to allow unauthenticated attackers to gain root access to affected systems.
Vulnerability Details
The regreSSHion vulnerability is a regression of an older flaw (CVE-2006-5051) that was reintroduced in OpenSSH version 8.5p1, released in October 2020.
The flaw involves a race condition in sshd’s SIGALRM handler, which calls functions that are not async-signal-safe, such as syslog().
An attacker can exploit this by opening multiple connections and failing to authenticate within the LoginGraceTime period, triggering the vulnerable signal handler asynchronously.
Cisco has identified several products across various categories affected by this vulnerability.
The company is actively investigating its product line to determine the full scope of impacted devices. The following table lists the affected products and their respective Cisco Bug IDs:
Product Category | Product Name | Cisco Bug ID | Fixed Release Availability |
---|---|---|---|
Network and Content Security Devices | Adaptive Security Appliance (ASA) Software | CSCwk61618 | |
Network and Content Security Devices | Firepower Management Center (FMC) Software | CSCwk61618 | |
Network and Content Security Devices | Firepower Threat Defense (FTD) Software | CSCwk61618 | |
Network and Content Security Devices | FXOS Firepower Chassis Manager | CSCwk62297 | |
Network and Content Security Devices | Identity Services Engine (ISE) | CSCwk61938 | |
Network and Content Security Devices | Secure Network Analytics | CSCwk62315 | |
Network Management and Provisioning | Crosswork Data Gateway | CSCwk62311 | 7.0.0 (Aug 2024) |
Network Management and Provisioning | Cyber Vision | CSCwk62289 | |
Network Management and Provisioning | DNA Spaces Connector | CSCwk62273 | |
Network Management and Provisioning | Prime Infrastructure | CSCwk62276 | |
Network Management and Provisioning | Smart Software Manager On-Prem | CSCwk62288 | |
Network Management and Provisioning | Virtualized Infrastructure Manager | CSCwk62277 | |
Routing and Switching – Enterprise and Service Provider | ASR 5000 Series Routers | CSCwk62248 | |
Routing and Switching – Enterprise and Service Provider | Nexus 3000 Series Switches | CSCwk61235 | |
Routing and Switching – Enterprise and Service Provider | Nexus 9000 Series Switches in standalone NX-OS mode | CSCwk61235 | |
Unified Computing | Intersight Virtual Appliance | CSCwk63145 | |
Voice and Unified Communications Devices | Emergency Responder | CSCwk63694 | |
Voice and Unified Communications Devices | Unified Communications Manager | CSCwk62318 | |
Voice and Unified Communications Devices | Unified Communications Manager IM & Presence Service | CSCwk63634 | |
Voice and Unified Communications Devices | Unity Connection | CSCwk63494 | |
Video, Streaming, TelePresence, and Transcoding Devices | Cisco Meeting Server | CSCwk62286 | SMU – CMS 3.9.2 (Aug 2024) |
Mitigation and Recommendations
Cisco recommends several steps to mitigate the risk of exploitation:
- Restrict SSH Access: Restrict SSH access to trusted hosts only. This can be done by using infrastructure access control lists (ACLs) to prevent unauthorized access to SSH services.
- Upgrade OpenSSH: Upgrade to the latest patched version of OpenSSH (9.8p1) as soon as it becomes available in the package repositories of Linux distributions.
- Modify LoginGraceTime: Set the LoginGraceTime parameter to 0 in the sshd configuration file to prevent the race condition, although this may lead to denial-of-service if all connection slots become occupied[1][6][7].
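A triage check for the upgrade and LoginGraceTime steps above, as an added example that is not code from Cisco, Qualys or the OpenSSH project. It uses only the version window stated in this article (8.5p1 up to, but not including, 9.8p1); the function names and the sample configuration are constructed for illustration.

```python
import re

# Version window stated in the article: regression introduced in 8.5p1, fixed in 9.8p1.
FIRST_VULNERABLE, FIRST_FIXED = (8, 5), (9, 8)
DEFAULT_GRACE_SECONDS = 120  # sshd default when LoginGraceTime is not set
UNIT_SECONDS = {"": 1, "s": 1, "m": 60, "h": 3600, "d": 86400, "w": 604800}


def in_vulnerable_window(version_string):
    """True if an 'OpenSSH_X.Y' string falls in [8.5, 9.8). Distro backports
    can fix the bug without changing X.Y, so treat True as 'needs checking'."""
    m = re.search(r"OpenSSH_(\d+)\.(\d+)", version_string)
    if not m:
        raise ValueError("no OpenSSH version found")
    return FIRST_VULNERABLE <= (int(m.group(1)), int(m.group(2))) < FIRST_FIXED


def parse_time(value):
    """Convert an sshd_config time value such as '120', '2m' or '1h30m' to seconds."""
    parts = re.findall(r"(\d+)([smhdw]?)", value.lower())
    if not parts or "".join(n + u for n, u in parts) != value.lower():
        raise ValueError(f"bad time value: {value!r}")
    return sum(int(n) * UNIT_SECONDS[u] for n, u in parts)


def login_grace_seconds(config_text):
    """Effective LoginGraceTime: sshd keeps the first value it reads for a keyword."""
    for line in config_text.splitlines():
        line = line.split("#", 1)[0].strip()
        fields = re.split(r"[\s=]+", line, maxsplit=1)
        if len(fields) == 2 and fields[0].lower() == "logingracetime":
            return parse_time(fields[1].strip().strip('"'))
    return DEFAULT_GRACE_SECONDS


def assess(version_string, config_text):
    """Combine both checks into a short finding for one host."""
    if not in_vulnerable_window(version_string):
        return "outside affected version window"
    if login_grace_seconds(config_text) == 0:
        return "in window, LoginGraceTime 0 mitigation set (watch for connection-slot exhaustion)"
    return "in window, timer active: restrict SSH access and upgrade"


# Constructed sample input, not taken from any real host.
SAMPLE_CONFIG = "# hardening\nPort 22\nLoginGraceTime 0\nLoginGraceTime 2m\n"
if __name__ == "__main__":
    print(assess("OpenSSH_9.2p1 Debian-2+deb12u2", SAMPLE_CONFIG))
```

The version string can come from `sshd -V` or the SSH banner; a result inside the window should be confirmed against the distribution's security tracker, since backported fixes keep the upstream version number.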
The Cisco Product Security Incident Response Team (PSIRT) is aware that proof-of-concept exploit code is available for this vulnerability. However, exploitation requires customization, and there have been no reports of malicious use.
Cisco continues to evaluate all products and services for impact and will update the advisory as new information becomes available.
The regreSSHion vulnerability poses a significant risk to a wide range of Cisco products.
Customers are advised to follow Cisco’s recommendations and apply the necessary patches and mitigations to protect their systems from potential exploitation.
Source credit : cybersecuritynews.com