OpenSSH Vulnerabilities Jan-Oct 2019
Summary
Symantec SWG products using affected versions of OpenSSH are susceptible to multiple vulnerabilities. A malicious SCP server or SCP man-in-the-middle (MITM) attacker can modify state on the SCP client host. A local attacker can cause denial of service through OpenSSH application crashes.
Affected Product(s)
| Director | ||
| CVE | Supported Version(s) | Remediation |
| CVE-2018-20685, CVE-2019-6109 CVE-2019-6110, CVE-2019-6111 |
6.1 | Upgrade to a version of MC with the fixes. |
| Management Center (MC) | ||
| CVE | Supported Version(s) | Remediation |
| CVE-2018-20685, CVE-2019-6109, CVE-2019-6111 | 2.3, 2.4, 3.0 | Upgrade to a later release with fixes. |
| 3.1 and later | Not vulnerable, fixed in 3.1.1.1 | |
| CVE-2019-6110 | 2.3 and later | A fix will not be provided because no suitable fix is available for the upstream OpenSSH library. |
| Security Analytics (SA) | ||
| CVE | Supported Version(s) | Remediation |
| CVE-2019-6110 | 7.2 and later | A fix will not be provided because no suitable fix is available for the upstream OpenSSH library. |
| CVE-2018-20685, CVE-2019-6109 CVE-2019-6111 |
7.2, 7.3, 8.0 | Upgrade to a later release with fixes. |
| 8.1 | Upgrade to 8.1.3 | |
| 8.2 and later | Not vulnerable, fixed in 8.2.1. | |
| Symantec Messaging Gateway (SMG) | ||
| CVE | Supported Version(s) | Remediation |
| CVE-2018-20685, CVE-2019-6109, CVE-2019-6110, CVE-2019-6111 | 10.7 | Not available at this time |
| X-Series XOS | ||
| CVE | Supported Version(s) | Remediation |
| CVE-2018-20685, CVE-2019-6109 CVE-2019-6110, CVE-2019-6111 |
10.0, 11.0 | A fix will not be provided. |
Additional Product Information
The following products are not vulnerable:
Advanced Secure Gateway (ASG)
AuthConnector
BCAAA
Content Analysis (CA)
General Auth Connector Login Application
HSM Agent for the Luna SP
Mail Threat Defense (MTD)
PacketShaper (PS) S-Series
PolicyCenter (PC) S-Series
ProxySG
Reporter
Security Analytics (SA)
SSL Visibility (SSLV)
Unified Agent
Web Isolation (WI)
WSS Agent
WSS Mobile Agent
CacheFlow
Information will not be provided. Please switch to a version of ProxySG MACH5 Edition with the vulnerability fixes.
Issue Details
| CVE-2018-20685 | |
| Severity / CVSS v3.0: | Medium / 5.3 (AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:H/A:N) |
| References: | NVD: CVE-2018-20685 |
| Impact: | Unauthorized modification |
| Description: | A flaw in the SCP client allows a remote malicious SCP server or MITM attacker to send a crafted response and modify permissions of the target client directory. |
| CVE-2019-6109 | |
| Severity / CVSS v3.0: | Medium / 6.8 (AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N) |
| References: | NVD: CVE-2019-6109 |
| Impact: | Unauthorized modification |
| Description: | A flaw in the SCP client allows a remote malicious SCP server or MITM attacker to send crafted objects and modify the SCP client output, such as hide additional files being transferred. |
| CVE-2019-6110 | |
| Severity / CVSS v3.0: | Medium / 6.8 (AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N) |
| References: | NVD: CVE-2019-6110 |
| Impact: | Unauthorized modification |
| Description: | A flaw in the SCP client allows a remote malicious SCP server or MITM attacker to send crafted error message and modify the SCP client output, such as hide additional files being transferred. |
| CVE-2019-6111 | |
| Severity / CVSS v3.0: | Medium / 5.9 (AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N) |
| References: | NVD: CVE-2019-6111 |
| Impact: | Unauthorized modification |
| Description: | An insufficient validation flaw in the SCP client allows a remote malicious SCP server or MITM attacker to send files with crafted names and overwrite arbitrary files in the target client directory or in subdirectories. |
| CVE-2019-15609 | |
| Severity / CVSS v3.0: | High / 7.8 (AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H) |
| References: | NVD: CVE-2019-15609 |
| Impact: | Denial of service |
| Description: | A flaw in local XMLSS private key processing allows a local attacker to configure OpenSSH with a crafted XMSS private key and cause denial of service through an OpenSSH application crash. |
Mitigation & Additional Information
By default, X-Series XOS does not use OpenSSH as an SCP client. Customers who leave this behavior unchanged prevent attacks against XOS.
Revisions
2021-07-15 A fix for Security Analytics 7.2 will not be provided. Please upgrade to a later version with the vulnerability fixes. Information for CF will not be provided. SMG 10.7 is vulnerable.
2021-06-01 A fix for MC 3.0 will not be provided. Please upgrade to a later version with the vulnerability fixes.
2021-04-30 A fix for CVE-2019-6110 in Management Center (MC) will not be provided.
2021-04-26 PacketShaper (PS) S-Series and PolicyCenter (PC) S-Series are not vulnerable.
2021-02-18 A fix for MC 2.4 will not be provided. Please upgrade to a later version with the vulnerability fixes.
2020-12-09 A fix for CVE-2018-20685, CVE-2019-6109, and CVE-2019-6111 in SA 8.1 is available in 8.1.3. A fix for CVE-2019-6110 in SA will not be provided. SA 8.2 is not vulnerable because a fix is available in 8.2.1.
2020-11-30 MC 3.1 is not vulnerable because a fix is available in 3.1.1.1.
2020-11-19 A fix for SA 7.3 and 8.0 will not be provided. Please upgrade to a later version with the vulnerability fixes. A fix for XOS 9.7, 10.0, and 11.0 will not be provided. A fix for Director 6.1 will not be provided. Please upgrade to a version of MC with the vulnerability fixes.
2020-08-19 A fix for MC 2.3 will not be provided. Please upgrade to a later version with the vulnerability fixes.
2020-04-21 initial public release