TTCSIRT-175.102218: TT-CSIRT Advisory – Cisco Security Updates
Cisco has released a security update stating that it discovered a vulnerability where libssh could allow an unauthenticated, remote attacker to bypass authentication on a targeted system.
The issue is due to improper authentication operations by the server-side state machine of the affected software.
An attacker could exploit this vulnerability by presenting a SSH2_MSG_USERAUTH_SUCCESS message to a targeted system.
| Further information on this vulnerability and how it can be mitigated can be found on the Cisco Website at https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20181019-libssh |