—–BEGIN PGP SIGNED MESSAGE—–
Hash: SHA1
Cisco Security Advisory: libssh Authentication Bypass Vulnerability Affecting Cisco Products: October 2018
Advisory ID: cisco-sa-20181019-libssh
Revision: 1.0
For Public Release: 2018 October 19 16:00 GMT
Last Updated: 2018 October 19 16:00 GMT
CVE ID(s): CVE-2018-10933
+———————————————————————
Summary
=======
A vulnerability in libssh could allow an unauthenticated, remote attacker to bypass authentication on a targeted system.
The vulnerability is due to improper authentication operations by the server-side state machine of the affected software. An attacker could exploit this vulnerability by presenting a SSH2_MSG_USERAUTH_SUCCESS message to a targeted system. A successful exploit could allow the attacker to bypass authentication and gain unauthorized access to a targeted system.
This advisory will be updated as additional information becomes available.
This advisory is available at the following link:
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20181019-libssh [“https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20181019-libssh”]
—–BEGIN PGP SIGNATURE—–
iQJ5BAEBAgBjBQJbygj7XBxDaXNjbyBQcm9kdWN0IFNlY3VyaXR5IEluY2lkZW50
IFJlc3BvbnNlIFRlYW0gKENpc2NvIFBTSVJUIGtleSAyMDE4LTIwMTkpIDxwc2ly
dEBjaXNjby5jb20+AAoJEJa12PPJBfczJqkQALhudIXeTdUcjppezCwZzIK/CY3F
sEP3x8YQBEuYu6Odtj/91SmsoHuhBREJ9TgZoPQ06UNDrsPiqv4/DF5B9//jOhiZ
nw2Ls7ZiHv4MxtW80Et+UoHpubRjr201sdEuhefL7qb+OfI4qYXyJpNF2ELOoLlB
YcLUU28p6iGw7GBmpLYIxUhpdTmiC/70dqybAgu9XN8Gib4DaS4bAkGRzIbCwkVF
vq9/JfkKl2HjjOAB+AhNyKYnl98DilY2IRysFtLNSCULxfjN0o7HgBu7/LL/oL4D
WY/+UT/oUu9fHTCOs3NM4Ao3GaQG2yxyPd0/AtnCHBLVkQvAZunhyEjmebhWuthU
5tzTq6iRnYZ6YMNNxDg0/b5zUwHqG20VL2gX3/5hOVeEM1U1vf1eK20gcllYQBBQ
Bn2+Y2EnKfJnMxAkJOC1eEfY9nwx4hRWX4uxUdBPuJulXC0JvOVUozRwko86Qe3g
CW9b84t3zXGwbT9vOQ8di94a2b71I23D9DQxKWOV81ZvUPIleCFpd2l7T8wWZuKw
QBXWALfdPxmGng3DblAQZvicD+ALB3hBuaVoTLHTDke/ZZX8tL79O0fNJvfJ+XeH
d+YopY+jfJfQqpgTDyyeY/iSeg69Du6FMrmF1FCOUXDLKq+gBUCLCRTblku5WTU6
Ur3txFLESuZRwd/U
=v2q7
—–END PGP SIGNATURE—–
_______________________________________________
cust-security-announce mailing list
cust-security-announce@cisco.com
To unsubscribe, send the command “unsubscribe” in the subject of your message to cust-security-announce-leave@cisco.com