Cisco issues warning regarding regreSSHion vulnerability affecting multiple products

Cisco issues warning regarding regreSSHion vulnerability affecting multiple products



Cisco has issued a warning to its customers regarding the critical OpenSSH ‘regreSSHion’ vulnerability discovered by researchers at Qualys. The advisory, published on July 5, 2024, identifies 42 affected products in various areas including network security, routing, and wireless. Updates with fixes are planned for four products, while others are still being evaluated for solutions.

The vulnerability, CVE-2024-6387, allows for unauthenticated remote code execution on OpenSSH servers, posing a serious risk of system compromise. Qualys researchers highlight the severity of the flaw, which could lead to attackers executing arbitrary code with high privileges. It targets OpenSSH servers on glibc-based Linux systems, with millions of potentially vulnerable instances identified.

Cisco is actively investigating 51 additional products to determine if they are also at risk of exploitation. Certain products, such as Secure Workload and Secure Endpoint Private Cloud, have been confirmed as unaffected. While no malicious use of the vulnerability has been reported, customers are urged to stay informed through Cisco’s advisory for software updates and follow security measures like restricting SSH access to trusted hosts.

In response to the threat, Cisco has released Snort rules to aid in detecting potential exploitation. Mitigation strategies include checking for software updates, vigilant monitoring, and implementing restrictions on SSH access to minimize the risk of a successful attack. The company aims to provide fixes for affected products to ensure the safety and security of its customers’ systems.

Article Source
https://www.infosecurity-magazine.com/news/cisco-regresshion-vulnerability/