ADTSA-201805: Authentication bypass in libssh server code

Version 4

    Description

    libssh versions 0.6 and above have an authentication bypass vulnerability in the server code. By presenting the server with an SSH2_MSG_USERAUTH_SUCCESS message in place of the SSH2_MSG_USERAUTH_REQUEST message that the server would expect to initiate authentication, an attacker can successfully authenticate without any credentials.
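    As an added illustration (not ADTRAN's or libssh's own code), the following Python model shows the server-side userauth dispatch flaw described above beside its hardened form: the vulnerable dispatcher acts on any known userauth message type regardless of which side is allowed to send it, while the hardened one accepts only client-to-server types until authentication has completed. Message numbers are from RFC 4252/4253; the class names, credential store and payload shape are constructed for this example.

```python
# RFC 4252/4253 message numbers used during user authentication.
SSH2_MSG_DISCONNECT = 1            # either side, tears the session down
SSH2_MSG_USERAUTH_REQUEST = 50     # client -> server
SSH2_MSG_USERAUTH_FAILURE = 51     # server -> client
SSH2_MSG_USERAUTH_SUCCESS = 52     # server -> client

# Constructed credential store standing in for a real authentication backend.
VALID_CREDENTIALS = {"alice": "correct horse battery staple"}


class VulnerableServer:
    """Dispatches every known userauth message type, whichever side sent it."""

    def __init__(self):
        self.authenticated = False
        self.closed = False
        # One callback table serving both protocol roles: the server side
        # therefore also "handles" a USERAUTH_SUCCESS arriving from the client.
        self.handlers = {
            SSH2_MSG_USERAUTH_REQUEST: self._on_request,
            SSH2_MSG_USERAUTH_SUCCESS: self._on_success,
        }

    def _on_request(self, payload):
        user, password = payload
        self.authenticated = VALID_CREDENTIALS.get(user) == password
        return SSH2_MSG_USERAUTH_SUCCESS if self.authenticated else SSH2_MSG_USERAUTH_FAILURE

    def _on_success(self, payload):
        # Intended for the client role; on the server it flips the auth state
        # without any credential check, which is the bypass described above.
        self.authenticated = True
        return None

    def receive(self, msg_type, payload=None):
        handler = self.handlers.get(msg_type)
        return handler(payload) if handler else None


class HardenedServer(VulnerableServer):
    """Accepts only client-to-server message types while unauthenticated."""

    ALLOWED_BEFORE_AUTH = {SSH2_MSG_USERAUTH_REQUEST}

    def receive(self, msg_type, payload=None):
        if not self.authenticated and msg_type not in self.ALLOWED_BEFORE_AUTH:
            # A server-only message arriving from the peer is a protocol
            # violation: never dispatch it, disconnect instead.
            self.closed = True
            return SSH2_MSG_DISCONNECT
        return super().receive(msg_type, payload)
```

    The same role check is the reason the products below are not exploitable: when authentication is decided outside the libssh module, a stray USERAUTH_SUCCESS flips libssh's own state but does not grant access.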


    CVE ID

     

    Affected Products

    Product Family                                                   Severity
    Mosaic Cloud Platform PMAA                                       Low (Not Exploitable)
    SDX 602 Series 10G PON IBONT; SDX 621 Series 10G PON SFU ONT     Low (Not Exploitable)
    508G G.fast DPU; 516G G.fast DPU; SDX 2200 Series G.fast DPU     Low (Not Exploitable)
    SDX 6210 Series 10G EPON OLT                                     Low (Not Exploitable)
    SDX 6310 Series XGS-PON/NP-PON2 OLT                              Low (Not Exploitable)

    Notes (all product families above): The products listed contain an affected version of libssh, but rely on authentication methods provided outside of the libssh module. Because of this, the vulnerability is not exploitable in these products even though the vulnerable code is present. Although the vulnerability is not exploitable, ADTRAN has already patched libssh for new versions of the software currently in development. The updated version of libssh will be included in any future regularly scheduled feature and/or maintenance releases.


    Mitigating Factors & Recommended Actions

    Product Family                                                   Mitigating Factors                                      Recommended Actions
    Mosaic Cloud Platform PMAA                                       See 'Notes' in the Affected Products section above.     N/A
    SDX 602 Series 10G PON IBONT; SDX 621 Series 10G PON SFU ONT     See 'Notes' in the Affected Products section above.     N/A
    508G G.fast DPU; 516G G.fast DPU; SDX 2200 Series G.fast DPU     See 'Notes' in the Affected Products section above.     N/A
    SDX 6210 Series 10G EPON OLT                                     See 'Notes' in the Affected Products section above.     N/A
    SDX 6310 Series XGS-PON/NP-PON2 OLT                              See 'Notes' in the Affected Products section above.     N/A


    Resolution

    Product Family                                                   Resolution
    Mosaic Cloud Platform PMAA                                       Upgrade to the next software release when available to obtain a patched version of libssh.
    SDX 602 Series 10G PON IBONT; SDX 621 Series 10G PON SFU ONT     Upgrade to the next software release when available to obtain a patched version of libssh.
    508G G.fast DPU; 516G G.fast DPU; SDX 2200 Series G.fast DPU     Upgrade to the next software release when available to obtain a patched version of libssh.
    SDX 6210 Series 10G EPON OLT                                     Upgrade to the next software release when available to obtain a patched version of libssh.
    SDX 6310 Series XGS-PON/NP-PON2 OLT                              Upgrade to the next software release when available to obtain a patched version of libssh.


    Revision History

    • Revision C (2018-11-06):  All investigations have been completed
    • Revision B (2018-10-19):  Added Mosaic Cloud Platform PMAA as an affected product
    • Revision A (2018-10-19):  Initial Release