Cradlepoint wireless edge solutions unlock the power of LTE and 5G cellular networks to give your WAN the boundless reach, nonstop reliability, and real-time agility it needs to keep up with your business. Connect fixed and temporary sites, vehicles, field forces, and IoT devices, anywhere. Simply. Securely. Wirelessly.
CPSEC-18: Libssh Vulnerability
November 9, 2018
Summary: A vulnerability in libssh’s server-side state machine before versions 0.7.6 and 0.8.4. Malicious agent could create channels without performing authentication, facilitating unauthorized access.
Mitigation: Although CP does use libssh coding, CP products are not vulnerable to this OBM or AAOBM service. CP uses client-side implementation and this specific vulnerability exploits server-side implementation. NCOS – Although we do use the libssh code, we use a separate Python authentication wrapper for authentication, and we are not vulnerable to this.