Cisco Small Business Switches Secure Shell Certificate Authentication Bypass Vulnerability

2019-05-0116:00:00

tools.cisco.com

0.001 Low

EPSS

Percentile

42.9%

JSON

A vulnerability in the Secure Shell (SSH) authentication process of Cisco Small Business Switches software could allow an attacker to bypass client-side certificate authentication and revert to password authentication.
The vulnerability exists because OpenSSH mishandles the authentication process. An attacker could exploit this vulnerability by attempting to connect to the device via SSH. A successful exploit could allow the attacker to access the configuration as an administrative user if the default credentials are not changed.

Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.

This advisory is available at the following link:
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190501-scbv [“https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190501-scbv”]

Affected configurations

Vulners

Node

cisco200_series_smart_switches_softwareMatchany

ciscosmall_business_220_series_smart_plus_switchesMatchany

ciscosmall_business_srp520_series_firmwareMatch200_series_smart_switches

ciscosmall_business_srp520_series_firmwareMatch300_series_managed_switches

ciscosmall_business_srp520_series_firmwareMatch500_series_stackable_managed_switches

ciscosmall_business_srp520_series_firmwareMatch250_series_smart_switches_software

ciscosmall_business_srp520_series_firmwareMatch350_series_managed_switches_software

ciscosmall_business_srp520_series_firmwareMatch350x_series_managed_switches_software

ciscosmall_business_srp520_series_firmwareMatch550x_series_stackable_managed_switches_software

CPENameOperatorVersion
cisco small business 200 series smart switcheseqany
cisco small business 300 series managed switcheseqany
cisco small business 500 series stackable managed switcheseqany
cisco small business 250 series smart switches softwareeqany
cisco small business 350 series managed switches softwareeqany
cisco small business 350x series managed switches softwareeqany
cisco small business 550x series stackable managed switches softwareeqany
cisco small businesseq200 Series Smart Switches
cisco small businesseq300 Series Managed Switches
cisco small businesseq500 Series Stackable Managed Switches

Name	Operator	Version
cisco small business 200 series smart switches	eq	any
cisco small business 300 series managed switches	eq	any
cisco small business 500 series stackable managed switches	eq	any
cisco small business 250 series smart switches software	eq	any
cisco small business 350 series managed switches software	eq	any
cisco small business 350x series managed switches software	eq	any
cisco small business 550x series stackable managed switches software	eq	any
cisco small business	eq	200 Series Smart Switches
cisco small business	eq	300 Series Managed Switches
cisco small business	eq	500 Series Stackable Managed Switches