Cisco has warned customers that a number of its products are affected by the critical OpenSSH ‘regreSSHion’ vulnerability, which was discovered by Qualys researchers.
In an advisory published on July 5, 2024, Cisco highlighted 42 impacted products, ranging across the following areas:
- Network and content security devices
- Network management and provisioning
- Routing and switching - enterprise and service provider
- Unified computing
- Video, streaming, telepresence, and transcoding devices
- Wireless
Updates containing fixes have been scheduled for four of the products at the time of writing. For products where no version or date is listed, Cisco said it is continuing to evaluate the fix and will update the advisory as additional information becomes available.
The firm is also actively investigating a further 51 products to determine whether they are also affected by regreSSHion (CVE-2024-6387). These include Cisco’s AnyConnect Secure Mobility Client, Secure Email and Web Manager and Secure Email Gateway products.
A number of products have also been confirmed as not impacted by regreSSHion, including Secure Workload and Secure Endpoint Private Cloud.
Cisco said it is not aware of any malicious use of the vulnerability.
Customers at Risk of Full System Compromise
CVE-2024-6387, dubbed regreSSHion, is a remote unauthenticated code execution (RCE) vulnerability in the OpenSSH connectivity tool, outlined by Qualys on July 1. It affects the OpenSSH server in glibc-based Linux systems.
The Qualys researchers warned that this flaw could lead to full system compromise, with an attacker able to execute arbitrary code at the highest privilege level. They rated it as severe and critical, especially for enterprises that rely heavily on OpenSSH for remote server management.
OpenSSH versions earlier than 4.4p1 are vulnerable to compromise due to this flaw unless they are patched for CVE-2006-5051 and CVE-2008-4109.
Qualys said it has identified over 14 million potentially vulnerable OpenSSH server instances exposed to the internet.
The vulnerability is challenging to exploit because it is a remote race condition, so a successful attack requires multiple attempts. Cisco emphasized in its advisory that exploitation also requires customization to the target.
Cisco Advises Customers on Vulnerability Mitigation
Cisco has told customers to check its advisory for updates on fixed software releases.
The tech firm has also issued Snort rules to help detect any exploitation of the vulnerability.
Customers are further advised to restrict SSH access to only trusted hosts.
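As an added example that is not from the article, Cisco or Qualys, the following Python script triages OpenSSH server banners against the version ranges Qualys published for CVE-2024-6387, including the 8.5p1 to 9.7p1 range that reintroduced the bug and which the article's "earlier than 4.4p1" sentence does not cover. The sample banners are constructed, and the vendor-backport handling is this example's own caveat: a distribution may have fixed the bug without changing the upstream version number, so a banner alone cannot clear such a host.

```python
import re

# Constructed sample banners (not taken from the article or any real host); an SSH
# server sends a line like this before key exchange, so an inventory scan can read
# it without authenticating.
SAMPLE_BANNERS = [
    "SSH-2.0-OpenSSH_9.6p1 Ubuntu-3ubuntu13",
    "SSH-2.0-OpenSSH_8.4p1 Debian-5+deb11u3",
    "SSH-2.0-OpenSSH_9.8p1",
    "SSH-2.0-OpenSSH_4.3p2",
    "SSH-2.0-dropbear_2022.83",
]

_OPENSSH_RE = re.compile(r"OpenSSH_(\d+)\.(\d+)(?:p(\d+))?")

def parse_openssh_version(banner):
    """Return (major, minor, patchlevel) parsed from an SSH banner, or None if the
    banner is not from OpenSSH. A missing 'pN' suffix is treated as patchlevel 0."""
    m = _OPENSSH_RE.search(banner)
    if not m:
        return None
    major, minor, plevel = m.groups()
    return (int(major), int(minor), int(plevel or 0))

def classify(banner):
    """Classify one banner against the ranges in Qualys's CVE-2024-6387 advisory:
    < 4.4p1 affected unless already patched for CVE-2006-5051 / CVE-2008-4109 (the
    range the article quotes); 4.4p1 <= v < 8.5p1 not affected; 8.5p1 <= v < 9.8p1
    affected again. 'vendor_build' flags a distro suffix: such packages are often
    fixed by backport while keeping the upstream version, so an 'affected' verdict
    there must be confirmed against the vendor's advisory, not the banner alone."""
    m = _OPENSSH_RE.search(banner)
    if not m:
        return {"version": None, "status": "not-openssh", "vendor_build": False}
    version = parse_openssh_version(banner)
    if version < (4, 4, 1):
        status = "affected-legacy"   # unless the 2006/2008 fixes were applied
    elif version < (8, 5, 1):
        status = "not-affected"
    elif version < (9, 8, 1):
        status = "affected"          # upstream range; see vendor_build caveat
    else:
        status = "not-affected"
    suffix = banner[m.end():].strip()
    return {"version": version, "status": status, "vendor_build": bool(suffix)}

def triage(banners):
    """Return (banner, verdict) pairs for hosts that need follow-up, in input order."""
    results = [(b, classify(b)) for b in banners]
    return [(b, v) for b, v in results if v["status"].startswith("affected")]

if __name__ == "__main__":
    for banner, verdict in triage(SAMPLE_BANNERS):
        print(f"{banner!r}: {verdict}")
```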