Cisco warns of appliances vulnerable to RegreSSHion vulnerability

Cisco said dozens of its networking and communications devices are likely vulnerable to a recently disclosed SSH vulnerability.

The enterprise tech giant said that 42 products are confirmed to contain the remote code execution flaw, including products in Network Management and Provisioning, Network and Content Security, Enterprise and Service Provider Routing and Switching, Unified Computing, Unified Voice and Communications Devices, Video Streaming Telepresence and Transcoding, and Wireless.

If that was not enough of a headache, Cisco said that 51 products across those same lines were also still under investigation for the flaw and some or all may well be added to the list.

For what it’s worth, Cisco noted that at least 48 of its currently supported hardware and cloud services are confirmed as not vulnerable to exploitation.

The full list of what is, isn’t and might yet be vulnerable to attacks on the flaw can be found here.

Should administrators find themselves overseeing one or more of the vulnerable products, Cisco recommended restricting SSH access to trusted hosts until a software fix is available.

“In all cases, customers should ensure that the devices to be upgraded contain sufficient memory and confirm that current hardware and software configurations will continue to be supported properly by the new release,” the company said.

“If the information is not clear, customers are advised to contact the Cisco Technical Assistance Center (TAC) or their contracted maintenance providers.”

The warning came roughly one week after word first surfaced of a critical security hole in the OpenSSH server package. The flaw is related to a race condition error that allows command injections that could lead to remote code execution and complete takeover of the devices.

Cisco is not alone in its exposure to the vulnerability. A number of widely used Linux distros were found to contain the flaw. At the time of publication, it was estimated that no fewer than 14 million public-facing servers were vulnerable.

If there is one saving grace for administrators, it is that current proof-of-concept samples show that any real-world exploitation of the race condition would be extremely time-consuming, with estimates ranging from six hours to several days.