Symantec Security Response SMNTC-1756
Apr 21, 2020 - 8:41 p.m.

OpenSSH Vulnerabilities Jan-Oct 2019

2020-04-21 20:41:25
Symantec Security Response

CVSS3: 9.8 High

Attack Vector | NETWORK
Attack Complexity | LOW
Privileges Required | NONE
User Interaction | NONE
Scope | UNCHANGED
Confidentiality Impact | HIGH
Integrity Impact | HIGH
Availability Impact | HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CVSS2: 10 High

Access Vector | NETWORK
Access Complexity | LOW
Authentication | NONE
Confidentiality Impact | COMPLETE
Integrity Impact | COMPLETE
Availability Impact | COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

Summary

Symantec SWG products using affected versions of OpenSSH are susceptible to multiple vulnerabilities. A malicious SCP server or SCP man-in-the-middle (MITM) attacker can modify state on the SCP client host. A local attacker can cause denial of service through OpenSSH application crashes.


Affected Product(s)

Director

CVE | Supported Version(s) | Remediation
CVE-2018-20685, CVE-2019-6109, CVE-2019-6110, CVE-2019-6111 | 6.1 | Upgrade to a version of MC with the fixes.

Management Center (MC)

CVE | Supported Version(s) | Remediation
CVE-2018-20685, CVE-2019-6109, CVE-2019-6111 | 2.3, 2.4, 3.0 | Upgrade to a later release with fixes.
CVE-2018-20685, CVE-2019-6109, CVE-2019-6111 | 3.1 and later | Not vulnerable, fixed in 3.1.1.1
CVE-2019-6110 | 2.3 and later | A fix will not be provided because no suitable fix is available for the upstream OpenSSH library.

Security Analytics (SA)

CVE | Supported Version(s) | Remediation
CVE-2019-6110 | 7.2 and later | A fix will not be provided because no suitable fix is available for the upstream OpenSSH library.
CVE-2018-20685, CVE-2019-6109, CVE-2019-6111 | 7.2, 7.3, 8.0 | Upgrade to a later release with fixes.
CVE-2018-20685, CVE-2019-6109, CVE-2019-6111 | 8.1 | Upgrade to 8.1.3
CVE-2018-20685, CVE-2019-6109, CVE-2019-6111 | 8.2 and later | Not vulnerable, fixed in 8.2.1.

Symantec Messaging Gateway (SMG)

CVE | Supported Version(s) | Remediation
CVE-2018-20685, CVE-2019-6109, CVE-2019-6110, CVE-2019-6111 | 10.7 | Not available at this time

X-Series XOS

CVE | Supported Version(s) | Remediation
CVE-2018-20685, CVE-2019-6109, CVE-2019-6110, CVE-2019-6111 | 10.0, 11.0 | A fix will not be provided.

Additional Product Information

The following products are not vulnerable:
Advanced Secure Gateway (ASG)
AuthConnector
BCAAA
Content Analysis (CA)
General Auth Connector Login Application
HSM Agent for the Luna SP
Mail Threat Defense (MTD)
PacketShaper (PS) S-Series
PolicyCenter (PC) S-Series
ProxySG
Reporter
Security Analytics (SA)
SSL Visibility (SSLV)
Unified Agent
Web Isolation (WI)
WSS Agent
WSS Mobile Agent

CacheFlow: Information will not be provided. Please switch to a version of ProxySG MACH5 Edition with the vulnerability fixes.

Issue Details

CVE-2018-20685

Severity / CVSS v3.0 | Medium / 5.3 (AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:H/A:N)
References | NVD: CVE-2018-20685
Impact | Unauthorized modification
Description | A flaw in the SCP client allows a remote malicious SCP server or MITM attacker to send a crafted response and modify permissions of the target client directory.

CVE-2019-6109

Severity / CVSS v3.0 | Medium / 6.8 (AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N)
References | NVD: CVE-2019-6109
Impact | Unauthorized modification
Description | A flaw in the SCP client allows a remote malicious SCP server or MITM attacker to send crafted objects and modify the SCP client output, for example to hide additional files being transferred.

CVE-2019-6110

Severity / CVSS v3.0 | Medium / 6.8 (AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N)
References | NVD: CVE-2019-6110
Impact | Unauthorized modification
Description | A flaw in the SCP client allows a remote malicious SCP server or MITM attacker to send a crafted error message and modify the SCP client output, for example to hide additional files being transferred.

CVE-2019-6111

Severity / CVSS v3.0 | Medium / 5.9 (AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N)
References | NVD: CVE-2019-6111
Impact | Unauthorized modification
Description | An insufficient validation flaw in the SCP client allows a remote malicious SCP server or MITM attacker to send files with crafted names and overwrite arbitrary files in the target client directory or in subdirectories.
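
The client-side checks that the four SCP issues above call for, shown as an added example (not code from OpenSSH or from this advisory). The function names and the `requested` pattern argument are hypothetical; the conditions checked follow the public NVD descriptions of these CVEs.

```c
#include <fnmatch.h>
#include <stddef.h>
#include <string.h>

/* Hypothetical helper: decide whether an object name sent by the SCP server
 * may be created in the local target directory. `requested` is the last
 * path component the user asked for (may be a glob such as "*.log").
 * Returns 1 if acceptable, 0 if the transfer should be refused. */
int scp_name_ok(const char *name, const char *requested)
{
    /* CVE-2018-20685: an empty name or "." refers to the target directory
     * itself, so the mode sent with it would be applied to that directory. */
    if (name == NULL || name[0] == '\0')
        return 0;
    if (strcmp(name, ".") == 0 || strcmp(name, "..") == 0)
        return 0;
    /* A received name is a single component, never a path. */
    if (strchr(name, '/') != NULL)
        return 0;
    /* CVE-2019-6111: the server chooses the names it sends; accept only
     * names that match what the client actually requested. */
    if (fnmatch(requested, name, 0) != 0)
        return 0;
    return 1;
}

/* Hypothetical helper for CVE-2019-6109 / CVE-2019-6110: copy server-supplied
 * text (object names, error messages) for display, replacing control bytes
 * so terminal escape sequences cannot rewrite the progress output.
 * Returns the number of bytes replaced. */
size_t display_safe(const char *src, char *dst, size_t dstlen)
{
    size_t i, replaced = 0;

    if (dstlen == 0)
        return 0;
    for (i = 0; src[i] != '\0' && i + 1 < dstlen; i++) {
        unsigned char c = (unsigned char)src[i];
        if (c < 0x20 || c == 0x7f) {
            dst[i] = '?';
            replaced++;
        } else {
            dst[i] = (char)c;
        }
    }
    dst[i] = '\0';
    return replaced;
}
```

A non-zero return from `display_safe` is also worth logging, since legitimate file names and server messages rarely contain control bytes.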

CVE-2019-15609

Severity / CVSS v3.0 | High / 7.8 (AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)
References | NVD: CVE-2019-15609
Impact | Denial of service
Description | A flaw in local XMSS private key processing allows a local attacker to configure OpenSSH with a crafted XMSS private key and cause denial of service through an OpenSSH application crash.

Mitigation & Additional Information

By default, X-Series XOS does not use OpenSSH as an SCP client. Customers who leave this behavior unchanged prevent attacks against XOS.

Revisions

2021-07-15 A fix for Security Analytics 7.2 will not be provided. Please upgrade to a later version with the vulnerability fixes. Information for CF will not be provided. SMG 10.7 is vulnerable.
2021-06-01 A fix for MC 3.0 will not be provided. Please upgrade to a later version with the vulnerability fixes.
2021-04-30 A fix for CVE-2019-6110 in Management Center (MC) will not be provided.
2021-04-26 PacketShaper (PS) S-Series and PolicyCenter (PC) S-Series are not vulnerable.
2021-02-18 A fix for MC 2.4 will not be provided. Please upgrade to a later version with the vulnerability fixes.
2020-12-09 A fix for CVE-2018-20685, CVE-2019-6109, and CVE-2019-6111 in SA 8.1 is available in 8.1.3. A fix for CVE-2019-6110 in SA will not be provided. SA 8.2 is not vulnerable because a fix is available in 8.2.1.
2020-11-30 MC 3.1 is not vulnerable because a fix is available in 3.1.1.1.
2020-11-19 A fix for SA 7.3 and 8.0 will not be provided. Please upgrade to a later version with the vulnerability fixes. A fix for XOS 9.7, 10.0, and 11.0 will not be provided. A fix for Director 6.1 will not be provided. Please upgrade to a version of MC with the vulnerability fixes.
2020-08-19 A fix for MC 2.3 will not be provided. Please upgrade to a later version with the vulnerability fixes.
2020-04-21 initial public release
