Cisco issued a security advisory for a critical remote code execution vulnerability called “regreSSHion” affecting various products. The vulnerability, tracked as CVE-2024-6387, was disclosed by Qualys on July 1, 2024, and affects the OpenSSH server on glibc-based Linux systems, potentially allowing attackers to gain root access.
The flaw is a regression of a previous vulnerability reintroduced in OpenSSH version 8.5p1. It involves a race condition in sshd’s SIGALRM driver, allowing attackers to trigger a vulnerable signal handler asynchronously by not authenticating within a certain time period. Cisco has identified multiple products in different categories affected by the vulnerability and is actively investigating the full scope of impact.
Mitigation steps recommended by Cisco include restricting SSH access to trusted hosts, updating OpenSSH to the latest patched version once available, and setting the LoginGraceTime parameter to 0 in the sshd configuration file to avoid the race condition. Cisco’s Product Security Incident Response Team is aware of proof-of-concept exploit code for the vulnerability but notes that exploitation requires customization and there have been no reports of malicious use.
Customers are advised to follow Cisco’s recommendations, apply necessary patches, and implement mitigations to safeguard their systems. Cisco continues to assess all products and services for impact and promises to provide updates as new information emerges. The “regreSSHion” vulnerability poses a significant threat to Cisco products, so taking proactive measures is crucial to prevent potential exploitation.
Article Source
https://cybersecuritynews.com/cisco-warns-regresshion-rce/
