Hitachi ABB Power Grids FOX615 Multiservice-Multiplexer update for libssh library

1) Authentication bypass

EUVDB-ID: #VU15379

Risk: Low

CVSSv3.1: 9.1 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C]

CVE-ID: CVE-2018-10933

CWE-ID: CWE-592 - Authentication Bypass Issues

Exploit availability: Yes

Description

The vulnerability allows a remote attacker to bypass authentication on the target system.

The weakness exists due to coding error, when libssh receives the "SSH2_MSG_USERAUTH_SUCCESS" message. A remote attacker can send the SSH server "SSH2_MSG_USERAUTH_SUCCESS" message instead of the "SSH2_MSG_USERAUTH_REQUEST" message that a server usually expects and which libssh uses as a sign that an authentication procedure needs to initiate, bypass authentication procedures and gain access to a server with an SSH connection enabled without having to enter the password.

Mitigation

Hitachi ABB Power Grids reports a vulnerability exists in the libssh library included in the following products: 

• FOX61x R1 using CESM1/CESM2: All versions prior to cesne_r1h07_12.esw
• FOX61x R2 using CESM1/CESM2: All versions prior to cesne_r2d14_03.esw

Vulnerable software versions

FOX615: before cesne_r2d14_03

External links

http://ics-cert.us-cert.gov/advisories/icsa-21-007-01

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

How the attacker can exploit this vulnerability?

The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability. However, a fully functional exploit for this vulnerability is available.