Multiple vulnerabilities in libssh2 in F5 Networks Traffix SDC
| Risk | Medium |
| Patch available | NO |
| Number of vulnerabilities | 2 |
| CVE-ID | CVE-2019-3855 CVE-2019-13115 |
| CWE-ID | CWE-190 |
| Exploitation vector | Network |
| Public exploit | Public exploit code for vulnerability #2 is available. |
| Vulnerable software Subscribe |
Traffix SDC Client/Desktop applications / Software for system administration |
| Vendor | F5 Networks |
Security Bulletin
This security bulletin contains information about 2 vulnerabilities.
1) Integer overflow
EUVDB-ID: #VU18024
Risk: Medium
CVSSv3.1: 6.5 [CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2019-3855
CWE-ID:
CWE-190 - Integer overflow
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to integer overflow in the _libssh2_transport_read() function in transport.cwhen processing packet_lengthvalues. A remote attacker can trick the victim to connect to a malicious SSH server, trigger integer overflow and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
MitigationCybersecurity Help is currently unaware of any official solution to address this vulnerability.
Vulnerable software versionsTraffix SDC: 5.0.0 - 5.1.0
External linkshttp://api-u.f5.com/support/kb-articles/K13322484?cacheFlag=false
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
2) Integer overflow
EUVDB-ID: #VU19258
Risk: Medium
CVSSv3.1: 6.7 [CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C]
CVE-ID: CVE-2019-13115
CWE-ID:
CWE-190 - Integer overflow
Exploit availability: Yes
DescriptionThe vulnerability allows a remote attacker to execute arbitrary code or cause a denial of service (DoS) condition on a targeted system.
The vulnerability exists due to integer overflow in the "kex_method_diffie_hellman_group_exchange_sha256_key_exchange" function in the "kex.c" file. A remote attacker can trick a victim to connect to an attacker-controlled Secure Shell (SSH) server, which would allow the attacker to send packets that submit malicious input to the targeted system, trigger integer overflow leading to an out-of-bounds write condition and execute arbitrary code or cause a DoS condition.
Cybersecurity Help is currently unaware of any official solution to address this vulnerability.
Vulnerable software versionsTraffix SDC: 5.0.0 - 5.1.0
External linkshttp://api-u.f5.com/support/kb-articles/K13322484?cacheFlag=false
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.
