SSH Server Vulnerabilities

Administrators and analysts routinely use SSH for remote administration within an organization. SSH server versions in an organization may not be the same, or may be outdated which creates potential vulnerabilities. This report can assist analysts in identifying SSH servers and versions within an organization to assist in efforts to secure and harden the environment.

Secure Shell (SSH) provides a secure, command line interface for remote administration of UNIX based systems. Most UNIX based systems come with SSH installed by default when the system was built. Some organizations are using systems with SSH versions that are outdated, and have vulnerabilities that could compromise network assets. Using Nessus credentialed scans, analysts can detect current and outdated versions of SSH on systems, and alert to any potential vulnerabilities that could increase risk for an organization.

This report can assist analysts in identifying SSH server versions within the organization. Once analysts identify the different versions of SSH installed on hosts, they can update vulnerable SSH servers and clients. SSH based attacks are still used by attackers to circumvent defenses to gain entrance into a network and/or move laterally. Hosts that use SSH include network and storage devices, which attackers can exploit depending on the use of SSH in the environment.

The chapters within this report use several Nessus plugins that detect an SSH service in use, version, and vulnerabilities associated with SSH. This can help to identify systems that have outdated SSH versions such as 1.33 and 1.5, which typically have vulnerabilities associated with them. Detecting outdated versions of SSH can assist organizations in identifying hosts with exploitable vulnerabilities. Another chapter assists analysts to determine if SSH is installed, and the associated ports listening with SSH. Although most versions of SSH listen on TCP port 22, other versions can listen on non-standard ports such as port 16022.

The report is available in the Tenable.sc Feed, a comprehensive collection of dashboards, reports, Assurance Report Cards and assets. The report can be easily located in the Tenable.sc Feed under the category Threat Detection & Vulnerability Assessments. The report requirements are:

• Tenable.sc 5.2
• Nessus 8.5.1

Tenable provides continuous network monitoring to identify vulnerabilities, reduce risk and ensure compliance. Our family of products includes Tenable.sc Continuous View (CV), Nessus, Nessus Network Monitor (NNM) and Log Correlation Engine (LCE). Tenable.sc CV provides the most comprehensive and integrated view of network health. Nessus is the global standard in detecting and assessing network data.

This report contains the following chapters:

• Executive Summary: This chapter assists analysts and management with an overview of SSH software vulnerabilities and ports within the organization
• Detected SSH Versions: This chapter focuses on assisting analysts by identifying the SSH server versions in the organization
• SSH Vulnerability Details: This chapter focuses on providing analysts with the medium, high and critical vulnerabilities relating to SSH