Cisco has released a security advisory addressing a critical remote code execution (RCE) vulnerability known as “regreSSHion” which impacts various products. The vulnerability, labeled as CVE-2024-6387, was made public by the Qualys Threat Research Unit on July 1, 2024. It affects the OpenSSH server (sshd) on glibc-based Linux systems and could allow unauthorized attackers to achieve root access on affected systems.
The regreSSHion vulnerability is actually a regression of a previous flaw (CVE-2006-5051) that resurfaced in OpenSSH version 8.5p1, released in October 2020. This flaw involves a race condition in sshd’s SIGALRM driver, calling functions like syslog() which are not safe for asynchronous signals. By opening multiple connections and not authenticating within the LoginGraceTime period, an attacker can trigger the vulnerable signal handler asynchronously.
Multiple Cisco products across different categories have been identified as affected by this vulnerability, with the company actively investigating its product line to determine the full extent of impacted devices. Mitigation steps advised by Cisco include restricting SSH access to trusted hosts, updating to the latest patched version of OpenSSH, and adjusting the LoginGraceTime parameter in the sshd configuration file.
Cisco is aware of proof-of-concept exploit code for the regreSSHion vulnerability, but no reports of malicious exploitation have been reported. They are continuing to assess the impact on all products and services and will provide updates as new information arises. It is crucial for customers to adhere to Cisco’s recommendations, apply necessary patches, and implement mitigations to safeguard their systems from potential exploitation.
The significance of the regreSSHion vulnerability underscores the importance of proactive security measures to protect against potential threats. Customers are advised to take immediate action to secure their systems and prevent any unauthorized access. Cisco’s Product Security Incident Response Team (PSIRT) is actively monitoring the situation and will provide further updates as needed to ensure the safety and security of their customers.
Article Source
https://cybersecuritynews.com/cisco-warns-regresshion-rce/amp/