
Cisco warns about devices vulnerable to RegreSSHion vulnerability

Cisco said dozens of its networking and communications devices may be vulnerable to a recently disclosed SSH security flaw.

The enterprise technology giant said the remote code execution vulnerability has been confirmed to exist in 42 products, including network management and provisioning, network and content security, enterprise and service provider routing and switching, unified computing, unified voice devices, video streaming with telepresence and transcoding, and wireless connectivity.

If that’s not enough, Cisco said that 51 products from the same series are still being investigated for this flaw and some or all of them may be added to that list.

It is worth adding that Cisco has emphasized that at least 48 of the devices and cloud services currently supported by the company are not vulnerable to attacks.

A full list of which products are, are not, and may be affected by this vulnerability can be found here.

If administrators need to monitor one or more vulnerable products, Cisco recommends restricting SSH access to trusted hosts until a software fix is available.

“In all cases, customers should ensure that the devices they are updating have sufficient memory and confirm that their current hardware and software configurations will continue to be properly supported by the new release,” the company said.

“If information is unclear, customers are advised to contact the Cisco Technical Assistance Center (TAC) or contracted maintenance vendors.”

The warning comes about a week after news first surfaced about a critical security flaw in the OpenSSH server package. The flaw involved a race condition that allowed command injection, which could lead to remote code execution and complete compromise of devices.

Cisco is not the only company affected by this vulnerability. Many widely used Linux distributions have been found to contain the flaw. At the time of publication, it was estimated that no fewer than 14 million public servers were vulnerable.

If there’s one thing that’s saving admins, it’s the fact that current proof-of-concept examples show that any real-world exploitation of the race would take an incredibly long time, with estimates ranging from six hours to several days.