A Vulnerability in Cisco IOS and IOS XE Software SSH X.509 Version 3 could allow for Authentication Bypass

ITS Advisory Number: 2016-205
Date(s) Issued: Friday, December 9, 2016
Subject: A Vulnerability in Cisco IOS and IOS XE Software SSH X.509 Version 3 could allow for Authentication Bypass
Overview: 

A vulnerability in the implementation of X.509 Version 3 for SSH authentication functionality in Cisco IOS and IOS XE Software could allow an unauthenticated, remote attacker to bypass authentication on an affected system.

Systems Affected: 
  • Cisco IOS
  • Cisco IOS XE

RISK
GOVERNMENT
  Large and medium government entities: High
  Small government entities: High
BUSINESS
  Large and medium business entities: High
  Small business entities: High
Home Users: N/A
Description: 

The vulnerability is due to improper validation of X.509 signatures during the SSH authentication phase. An attacker could exploit this vulnerability by presenting an invalid X.509 signature to an affected system. A successful exploit could allow the attacker to impersonate an existing valid user over an SSH connection.

Actions: 
  • After appropriate testing, apply applicable patches/updates provided by Cisco to the vulnerable systems.
  • Verify that no unauthorized system modifications have occurred on the system before applying the patch.
  • Administrators may disable the X.509 authentication feature on an affected device until the device is upgraded to a fixed release of the software.
  • Unless required, limit external network access to affected products.