Cisco Patches IOS Software Issue

Tuesday, September 29, 2015 @ 10:09 AM gHale

Cisco patched vulnerabilities affecting the IOS and IOS XE software running on routers and switches.

The most serious of the fixes addresses a vulnerability in the IOS and IOS XE implementation of the SSH version 2 (SSHv2) protocol.

A remote, unauthenticated attacker can exploit the flaw to bypass user authentication.

“The vulnerability is due to a flaw in the implementation of the SSHv2 public key authentication method, also known as Rivest, Shamir, and Adleman (RSA)-based user authentication,” Cisco said in an advisory.

“An attacker could exploit this vulnerability by authenticating to an affected system configured for SSHv2 RSA-based user authentication using a crafted private key,” the advisory said. “The attacker must know a valid username configured for RSA-based user authentication and the public key configured for that user to exploit this vulnerability.”

While the vulnerability cannot be exploited to elevate privileges, an attacker could still obtain administrative privileges on the system, depending on how the targeted user’s account and the Virtual Teletype (VTY) line are configured.

Cisco said the vulnerability affects devices running IOS and IOS XE if SSHv2 access is configured with RSA-based user authentication and at least one user is configured with a public key. Devices running IOS XR and NX-OS are not affected.
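As an added example (not Cisco's code or part of the original article), the following Python audits an IOS running-config for the affected condition described above: SSHv2 offered, an `ip ssh pubkey-chain` block present, and at least one username under it carrying a public key. It also reports the privilege level of each such user's account and of the VTY lines, since the article notes these determine what a successful bypass yields. The sample config is constructed, and the audit assumes the standard `ip ssh pubkey-chain` / `key-hash` command forms.

```python
import re

# Constructed sample running-config; the key hashes are placeholders, not real keys.
SAMPLE_CONFIG = """\
username netops privilege 15 secret 5 $PLACEHOLDER$
username audit secret 5 $PLACEHOLDER$
ip ssh version 2
ip ssh pubkey-chain
  username netops
    key-hash ssh-rsa 0123456789ABCDEF0123456789ABCDEF
  username audit
    key-hash ssh-rsa FEDCBA9876543210FEDCBA9876543210
line vty 0 4
 transport input ssh
 privilege level 15
"""

def block_lines(config, header):
    """Indented lines under the first top-level line matching the regex `header`."""
    lines = config.splitlines()
    for i, line in enumerate(lines):
        if re.match(header, line):
            body = []
            for nxt in lines[i + 1:]:
                if not nxt.startswith(" "):
                    break
                body.append(nxt)
            return body
    return []

def pubkey_users(config):
    """Usernames under 'ip ssh pubkey-chain' that carry a key-string or key-hash."""
    users, current = [], None
    for line in block_lines(config, r"^ip ssh pubkey-chain$"):
        m = re.match(r"\s+username (\S+)", line)
        if m:
            current = m.group(1)
        elif re.match(r"\s+key-(string|hash)\b", line) and current and current not in users:
            users.append(current)
    return users

def audit(config):
    """Flag the affected condition and the privilege a bypass of each listed user would reach."""
    sshv2 = re.search(r"^ip ssh version 1\s*$", config, re.M) is None  # default offers v2 too
    vty = re.search(r"privilege level (\d+)", "\n".join(block_lines(config, r"^line vty\b")))
    users = {}
    for u in pubkey_users(config):
        m = re.search(rf"^username {re.escape(u)} privilege (\d+)", config, re.M)
        users[u] = {"user_privilege": int(m.group(1)) if m else 1,   # IOS default is level 1
                    "vty_privilege": int(vty.group(1)) if vty else None}
    return {"affected": sshv2 and bool(users), "users": users}
```

Running `audit(SAMPLE_CONFIG)` flags the device as affected and shows that the `netops` key entry maps to a privilege-15 account, which is the case the article describes as yielding administrative access.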

Cisco credited Mathias Seiler of MiroNet AG with reporting the flaw and said it is not aware of attacks exploiting this weakness.