Cisco UCS Manager Software SSH Sessions Denial of Service Vulnerability

A vulnerability in the way Cisco UCS Manager software handles SSH sessions could allow an authenticated, remote attacker to cause a denial of service (DoS) condition on an affected device.

This vulnerability is due to improper resource management for established SSH sessions. An attacker could exploit this vulnerability by opening a significant number of SSH sessions on an affected device. A successful exploit could allow the attacker to cause a crash and restart of internal Cisco UCS Manager software processes and a temporary loss of access to the Cisco UCS Manager CLI and web UI.

Note: The attacker must have valid user credentials to authenticate to the affected device.

Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.

This advisory is available at the following link:
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ucs-ssh-dos-MgvmyrQy

This advisory is part of the August 2021 Cisco FXOS and NX-OS Software Security Advisory Bundled Publication. For a complete list of the advisories and links to them, see Cisco Event Response: August 2021 Cisco FXOS and NX-OS Software Security Advisory Bundled Publication.

Security Impact Rating: Medium

CVE: CVE-2021-1592

Cisco Network Services Orchestrator CLI Secure Shell Server Privilege Escalation Vulnerability

A vulnerability in Cisco Network Services Orchestrator (NSO) could allow an authenticated, local attacker to execute arbitrary commands at the level of the account under which Cisco NSO is running, which is root by default. To exploit this vulnerability, an attacker must have a valid account on an affected device.

The vulnerability exists because the affected software incorrectly runs the SFTP user service at the privilege level of the account that was running when the NSO built-in Secure Shell (SSH) server for CLI was enabled. If the NSO built-in SSH server was not enabled, the device is not affected by this vulnerability. An attacker with low-level privileges could exploit this vulnerability by authenticating to an affected device and issuing a series of commands at the SFTP interface. A successful exploit could allow the attacker to elevate privileges to the level of the account under which Cisco NSO is running, which is root by default.

Note: Any user who can authenticate to the built-in SSH server may exploit this vulnerability. By default, all Cisco NSO users have this access if the server is enabled.

Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.

This advisory is available at the following link:
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-nso-priv-esc-XXqRtTfT

Security Impact Rating: High

CVE: CVE-2021-1572

ConfD CLI Secure Shell Server Privilege Escalation Vulnerability

A vulnerability in ConfD could allow an authenticated, local attacker to execute arbitrary commands at the level of the account under which ConfD is running, which is commonly root. To exploit this vulnerability, an attacker must have a valid account on an affected device. 

The vulnerability exists because the affected software incorrectly runs the SFTP user service at the privilege level of the account that was running when the ConfD built-in Secure Shell (SSH) server for CLI was enabled. If the ConfD built-in SSH server was not enabled, the device is not affected by this vulnerability. An attacker with low-level privileges could exploit this vulnerability by authenticating to an affected device and issuing a series of commands at the SFTP interface. A successful exploit could allow the attacker to elevate privileges to the level of the account under which ConfD is running, which is commonly root.

Note: Any user who can authenticate to the built-in SSH server may exploit this vulnerability. By default, all ConfD users have this access if the server is enabled.

Software updates that address this vulnerability have been released. There are no workarounds that address this vulnerability.

This advisory is available at the following link:
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-confd-priv-esc-LsGtCRx4

Security Impact Rating: High

CVE: CVE-2021-1572

How to Add a Static Route on Netscaler MAS

In order to add a static route, you would need to modify the system routing table. To make the changes permanent, the svm.conf file would need to be edited.

  1. Log in to NetScaler MAS, using an SSH client.

  2. Make a backup copy of the file /mpsconfig/svm.conf using command:

    cd /mpsconfig/
    cp svm.conf svm.conf.bak

  3. Add the following line to the above file “route add -net 10.20.30.0/28 10.0.0.1” using the following command:

    echo "route add -net 10.20.30.0/28 10.0.0.1" >> svm.conf

  4. Reboot the device using command:

    reboot

  5. Verify if the static route is present in the system routing table:

    netstat -rn

Please note that the gateway address (10.0.0.1 in this example) must be within the subnet of one of the interfaces. Otherwise the route will not be added and you will receive the following message:

route: writing to routing socket: Network is unreachable

add net 10.20.30.0: gateway 10.0.0.1: Network is unreachable
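
The gateway rule above can be checked before svm.conf is touched. The following sketch is an added example, not part of the original article; the function names are hypothetical and the interface subnets are assumed to be supplied by the caller.

```shell
#!/bin/sh
# Added example: pre-flight check for a static route line destined for svm.conf.
# Interface subnets are passed in by the caller (assumption of this sketch).

# Convert a dotted-quad IPv4 address to an integer; fail on malformed input.
ip_to_int() (
    case "$1" in ""|*[!0-9.]*|.*|*.|*..*) exit 1 ;; esac
    IFS=.
    set -- $1
    [ $# -eq 4 ] || exit 1
    for o in "$@"; do
        case "$o" in 0?*|????*) exit 1 ;; esac   # no leading zeros, max 3 digits
        [ "$o" -le 255 ] || exit 1
    done
    echo "$(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))"
)

# Succeed if IPv4 address $1 lies inside CIDR block $2 (for example 10.0.0.0/24).
in_subnet() (
    addr=$(ip_to_int "$1") || exit 1
    net=$(ip_to_int "${2%/*}") || exit 1
    bits=${2#*/}
    case "$bits" in ""|*[!0-9]*|???*) exit 1 ;; esac
    [ "$bits" -le 32 ] || exit 1
    mask=$(( (0xFFFFFFFF << (32 - bits)) & 0xFFFFFFFF ))
    [ $(( addr & mask )) -eq $(( net & mask )) ]
)

# add_static_route CONF DEST_CIDR GATEWAY IFACE_CIDR...
# Exit 0 if the line was added or already present, 1 on bad input,
# 2 if the gateway is not on-link (the "Network is unreachable" case).
add_static_route() (
    conf=$1 dest=$2 gw=$3
    shift 3
    in_subnet "${dest%/*}" "$dest" || exit 1      # reject malformed destinations
    ip_to_int "$gw" >/dev/null || exit 1          # reject malformed gateways
    line="route add -net $dest $gw"
    for subnet in "$@"; do
        in_subnet "$gw" "$subnet" || continue
        grep -qxF "$line" "$conf" && exit 0       # already configured
        cp "$conf" "$conf.bak" || exit 1          # backup, as in step 2
        echo "$line" >> "$conf"
        exit
    done
    echo "gateway $gw is not in any interface subnet; route not added" >&2
    exit 2
)
```

Validating the destination and gateway before writing also keeps stray text out of a file that is executed at boot.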

Cisco TelePresence Collaboration Endpoint and RoomOS Software Command Injection Vulnerability

A vulnerability in the software upgrade process of Cisco TelePresence Collaboration Endpoint Software and Cisco RoomOS Software could allow an authenticated, remote attacker to modify the filesystem to cause a denial of service (DoS) or gain privileged access to the root filesystem.

The vulnerability is due to insufficient input validation. An attacker with administrative privileges could exploit this vulnerability by sending requests with malformed parameters to the system using the console, Secure Shell (SSH), or web API. A successful exploit could allow the attacker to modify the device configuration or cause a DoS.

Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.

This advisory is available at the following link:
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-tp-cmd-inj-7ZpWhvZb

Security Impact Rating: High

CVE: CVE-2020-3336

Cisco IOS and IOS XE Software Secure Shell Denial of Service Vulnerability

A vulnerability in the Secure Shell (SSH) server code of Cisco IOS Software and Cisco IOS XE Software could allow an authenticated, remote attacker to cause an affected device to reload.

The vulnerability is due to an internal state not being represented correctly in the SSH state machine, which leads to an unexpected behavior. An attacker could exploit this vulnerability by creating an SSH connection to an affected device and using a specific traffic pattern that causes an error condition within that connection. A successful exploit could allow an attacker to cause the device to reload, resulting in a denial of service (DoS) condition.

Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.

This advisory is available at the following link:
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ssh-dos-Un22sd2A

This advisory is part of the June 3, 2020, release of the Cisco IOS and IOS XE Software Security Advisory Bundled Publication, which includes 23 Cisco Security Advisories that describe 25 vulnerabilities. For a complete list of the advisories and links to them, see Cisco Event Response: June 2020 Semiannual Cisco IOS and IOS XE Software Security Advisory Bundled Publication.

Security Impact Rating: High

CVE: CVE-2020-3200

Unable to load host key “/nsconfig/ssh/ssh_host_dsa_key”: invalid format

Regenerate a new ssh dsa key

======================

Delete or back up the existing corrupted DSA private and public keys located in /nsconfig/ssh/

> rm /nsconfig/ssh/ssh_host_dsa_key

> rm /nsconfig/ssh/ssh_host_dsa_key.pub

Generate a new DSA private and public key.

> ssh-keygen -t dsa

Give the same location and name as the previous key: /nsconfig/ssh/ssh_host_dsa_key

Reboot, or reload the config file with the command:

> /usr/sbin/sshd -f /etc/sshd_config


Another solution is to disable the DSA SSH host key, as it is not really required since the RSA key is present.

=================

Edit the file /etc/sshd_config and comment out (#) the DSA key line:

root@adc# cat /etc/sshd_config

Port 22

#ListenAddress 0.0.0.0

#ListenAddress ::

Protocol 2

HostKey /nsconfig/ssh/ssh_host_rsa_key

#HostKey /nsconfig/ssh/ssh_host_dsa_key

Save the file.

Copy sshd_config to /nsconfig/

> cp /etc/sshd_config /nsconfig/

Reload sshd with command:

> /usr/sbin/sshd -f /nsconfig/sshd_config
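
Before reloading sshd it helps to know which HostKey entries will fail to load. The following is an added example, not part of the original article: the function names are hypothetical, and the header test is a heuristic rather than a full key parse.

```shell
#!/bin/sh
# Added example: flag HostKey entries in an sshd_config whose key file is
# likely to trigger "Unable to load host key ... invalid format", and write
# a copy of the config with one such entry commented out.
# On a host with OpenSSH, "sshd -t -f <config>" is the authoritative check.

# check_host_keys CONFIG
# Prints "OK|MISSING|INVALID <path>" for every active HostKey line.
# Exit status is 0 only if every referenced key looks loadable.
check_host_keys() (
    status=0
    while read -r kw path rest; do
        # sshd_config keywords are case-insensitive; "#HostKey" lines are skipped.
        case "$kw" in [Hh][Oo][Ss][Tt][Kk][Ee][Yy]) ;; *) continue ;; esac
        if [ ! -s "$path" ]; then
            echo "MISSING $path"; status=1
        elif head -n 1 "$path" |
             grep -Eq '^-----BEGIN ([A-Z0-9]+ )?PRIVATE KEY-----$'; then
            echo "OK $path"
        else
            echo "INVALID $path"; status=1
        fi
    done < "$1"
    exit "$status"
)

# disable_host_key CONFIG_IN KEY_PATH CONFIG_OUT
# Copies the config, commenting out the HostKey line that points at KEY_PATH.
disable_host_key() (
    awk -v key="$2" '
        tolower($1) == "hostkey" && $2 == key { print "#" $0; next }
        { print }
    ' "$1" > "$3"
)
```

Writing the edited config to a separate file mirrors the article's approach of keeping the working copy in /nsconfig/ and pointing sshd at it with -f.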
