Cisco IOS XE Software Secure Shell Connection on VRF (cisco-sa-20190109-ios-ssh-vrf)

medium Nessus Plugin ID 131728

Synopsis

The remote device is missing a vendor-supplied security patch.

Description

According to its self-reported version, Cisco IOS XE Software is affected by a vulnerability in the access control logic of the Secure Shell (SSH) server, caused by a missing check. An authenticated, remote attacker with valid credentials can exploit this to open an SSH connection to an affected device from a source address belonging to a VRF instance, despite the absence of the 'vrf-also' keyword in the access-class configuration.

Please see the included Cisco BIDs and Cisco Security Advisory for more information.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

Solution

Upgrade to the relevant fixed version referenced in Cisco bug ID(s) CSCvk37852.

See Also

http://www.nessus.org/u?efbc26fd

https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvk37852

Plugin Details

Severity: Medium

ID: 131728

File Name: cisco-sa-20190109-ios-ssh-vrf-iosxe.nasl

Version: 1.6

Type: local

Family: CISCO

Published: 12/6/2019

Updated: 1/8/2021

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: Low

Score: 3.6

CVSS v2

Risk Factor: Medium

Base Score: 4

Temporal Score: 3

Vector: CVSS2#AV:N/AC:L/Au:S/C:N/I:P/A:N

CVSS Score Source: CVE-2018-0484

CVSS v3

Risk Factor: Medium

Base Score: 6.5

Temporal Score: 5.7

Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N

Temporal Vector: CVSS:3.0/E:U/RL:O/RC:C

Vulnerability Information

CPE: cpe:/o:cisco:ios_xe

Required KB Items: Host/Cisco/IOS-XE/Version

Exploit Ease: No known exploits are available

Patch Publication Date: 1/9/2016

Vulnerability Publication Date: 1/10/2019

Reference Information

CVE: CVE-2018-0484

BID: 106560