CPSEC-18: Libssh Vulnerability
November 9, 2018
Summary: libssh versions before 0.7.6 and 0.8.4 contain a vulnerability in the server-side state machine. A malicious agent could create channels without performing authentication, facilitating unauthorized access.
Mitigation: Although CP does use libssh code, CP products are not vulnerable to this OBM or AAOBM service. CP uses a client-side implementation, and this specific vulnerability exploits the server-side implementation. NCOS – Although we do use the libssh code, we use a separate Python wrapper for authentication, and we are not vulnerable to this.