CPSEC-18: Libssh Vulnerability
2018-11-09 14:23:51
Summary: A vulnerability exists in libssh's server-side state machine in versions before 0.7.6 and 0.8.4. A malicious agent could create channels without performing authentication, facilitating unauthorized access.
Mitigation: Although CP does use libssh code, CP products are not vulnerable to this.
OBM or AAOBM service - CP uses a client-side implementation, and this specific vulnerability exploits the server-side implementation.
NCOS - Although we do use the libssh code, we use a separate Python authentication wrapper for authentication, and we are not vulnerable to this.