A vulnerability in libssh could allow an unauthenticated, remote attacker to bypass authentication on a targeted system.
The vulnerability is due to improper authentication operations by the server-side state machine of the affected software. An attacker could exploit this vulnerability by presenting a SSH2_MSG_USERAUTH_SUCCESS message to a targeted system. A successful exploit could allow the attacker to bypass authentication and gain unauthorized access to a targeted system.
This advisory is available at the following link:
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20181019-libssh [“https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20181019-libssh”]