Government of the Republic of Trinidad and Tobago                                                                                                                                        


News

TTCSIRT-175.102218: TT-CSIRT Advisory – Cisco Security Updates

22nd October 2018

Cisco has released a security update stating that it discovered a vulnerability where libssh could allow an unauthenticated, remote attacker to bypass authentication on a targeted system.

The issue is due to improper authentication operations by the server-side state machine of the affected software.

An attacker could exploit this vulnerability by presenting a SSH2_MSG_USERAUTH_SUCCESS message to a targeted system.

Further information on this vulnerability and how it can be mitigated can be found on the Cisco Website at https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20181019-libssh