OpenSSH Vulnerabilities Jan-Aug 2018

SYMSA1469
Last Updated October 07, 2019
Initial Publication Date November 29, 2018
Copy Article Title/URL
Feedback
Subscribe
  • Status: Open
  • Severity: High
  • CVSS Base Score: 7.5

Symantec Network Protection products using affected versions of OpenSSH are susceptible to several vulnerabilities.  A remote attacker, with access to the management interface, can obtain usernames for valid SSH users and cause denial of service through application crashes.

Advanced Secure Gateway (ASG)
CVE Supported Version(s) Remediation
CVE-2016-10708, CVE-2018-15473 6.6 Upgrade to 6.6.5.18.
6.7 Upgrade to 6.7.4.2.

 

CacheFlow (CF)
CVE Supported Version(s) Remediation
CVE-2016-10708, CVE-2018-15473 3.4 Not available at this time

 

Content Analysis (CA)
CVE Supported Version(s) Remediation
CVE-2016-10708, CVE-2018-15473 1.3 Upgrade to later version with fixes.
2.1 and later Not vulnerable

 

Director
CVE Supported Version(s) Remediation
All CVEs 6.1 Not available at this time

 

Mail Threat Defense (MTD)
CVE Supported Version(s) Remediation
CVE-2016-10708, CVE-2018-15473 1.1 Not available at this time

 

Malware Analysis (MA)
CVE Supported Version(s) Remediation
CVE-2016-10708, CVE-2018-15473 4.2 Not available at this time

 

Management Center (MC)
CVE Supported Version(s) Remediation
CVE-2016-10708, CVE-2018-15473 2.0, 2.1 Upgrade to later release with fixes.
2.2, 2.3 Not available at this time

 

PacketShaper (PS)
CVE Supported Version(s) Remediation
CVE-2016-10708 9.2 Not available at this time

 

PacketShaper (PS) S-Series
CVE Supported Version(s) Remediation
CVE-2016-10708, CVE-2018-15473 11.6 Not available at this time
11.9 Not available at this time
11.10 Not available at this time

 

PolicyCenter (PC) S-Series
CVE Supported Version(s) Remediation
CVE-2016-10708, CVE-2018-15473 1.1 Not available at this time

 

ProxySG
CVE Supported Version(s) Remediation
CVE-2016-10708, CVE-2018-15473 6.5 Upgrade to 6.5.10.15.
6.6 Upgrade to 6.6.5.18.
6.7 Upgrade to 6.7.4.2.

 

Reporter
CVE Supported Version(s) Remediation
CVE-2016-10708 9.5 Not vulnerable
10.1, 10.2 Upgrade to later release with fixes.
10.3 No vulnerable, fixed in 10.3.1.1
CVE-2018-15473 9.5 Not vulnerable
10.1, 10.2 Upgrade to later release with fixes.
10.3, 10.4 Not available at this time

 

Security Analytics (SA)
CVE Supported Version(s) Remediation
CVE-2018-15473, CVE-2018-15919 7.2 Not available at this time
7.3 Not available at this time
8.0 Not available at this time

 

SSL Visibility (SSLV)
CVE Supported Version(s) Remediation
All CVEs 3.10 Not avaialble at this time
3.12 Not available at this time
4.2 and later Not vulnerable

 

Web Isolation (WI)
CVE Supported Version(s) Remediation
CVE-2018-15919 1.12 Not available at this time
1.13 Not available at this time

 

X-Series XOS
CVE Supported Version(s) Remediation
CVE-2016-10708, CVE-2018-15473 10.0 Not available at this time
11.0 Not available at this time

 

The following products are not vulnerable:
AuthConnector
BCAAA
Cloud Data Protection for ServiceNow
Cloud Data Protection for Oracle CRM On Demand
Cloud Data Protection Integration Server
Cloud Data Protection Communication Server
General Auth Connector Login Application
HSM Agent for the Luna SP
IntelligenceCenter
IntelligenceCenter Data Collector
PolicyCenter
ProxyAV
ProxyAV ConLog and ConLogXP
Unified Agent
WSS Mobile Agent

CVE-2016-10708
Severity / CVSSv3 High / 7.5 (AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)
References SecurityFocus: BID 102780 / NVD: CVE-2016-10708
Impact Denial of service
Description A flaw in SSH message handling allows a remote attacker to send out-of-sequence NEWKEYS messages and cause an application crash, resulting in denial of service.

 

CVE-2018-15473
Severity / CVSSv3 Medium / 5.3 (AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N)
References SecurityFocus: BID 105140 / NVD: CVE-2018-15473
Impact Information disclosure
Description A flaw in user authentication allows a remote attacker to discover usernames for valid users on the target.

 

CVE-2018-15919
Severity / CVSSv3 Medium / 5.3 (AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N)
References SecurityFocus: BID 105163 / NVD: CVE-2018-15919
Impact Information disclosure
Description A flaw in GSS2 handling allows a remote attacker to discover usernames for valid users on the target.

 

These vulnerabilities can be exploited only through the management interfaces for all vulnerable products.  Allowing only machines, IP addresses and subnets from a trusted network to access the management interface reduces the threat of exploiting the vulnerabilities.

2019-10-07 WI 1.12 and 1.3 are vulnerable to CVE-2018-15919.  A fix is not available at this time.
2019-09-05 A fix for MC 2.1 will not be provided. Please upgrade to a later version with the vulnerability fixes.
2019-08-30 It was previously reported that Reporter 10.3 is vulnerable to CVE-2018-15919. Reporter 10.3 is instead vulnerable to CVE-2018-15473. Reporter 10.4 is also vulnerable to CVE-2018-15473.
2019-08-13 MC 2.2 and MC 2.3 are vulnerable to CVE-2016-10708 and CVE-2018-15473. A fix for MC 2.0 will not be provided. Please upgrade to a later version with the vulnerability fixes.
2019-08-09 A fix for ProxySG 6.5 is available in 6.5.10.15.
2019-08-09 A fix for ASG 6.6 and ProxySG 6.6 is available in 6.6.5.18.
2019-08-06 A fix for Reporter 10.1 and 10.2 will not be provided. Please upgrade to a later version with the vulnerability fixes.
2019-02-04 A fix for CA 1.3 will not be provided.  Please upgrade to a later version with the vulnerability fixes.
2019-01-15 A fix for ASG 6.7 and ProxySG 6.7 is available in 6.7.4.2.
2019-01-14 Reporter 10.3 is vulnerable to CVE-2018-15919.  It is not vulnerable to CVE-2016-10708 because a fix is available in 10.3.1.1.
2018-11-29 initial public release

 

 

 

 

Thanks for your feedback. Let us know if you have additional comments below. (requires login)

    © 1995-2019 Broadcom. All Rights Reserved. The term “Broadcom” refers to Broadcom Inc. and/or its subsidiaries.