MAL-008: SSHtranger Things (CVE-2019-6111, CVE-2019-6110) in Cisco SD-WAN

Cisco SD-WAN v20.4.2.1 uses an old version of SSH (OpenSSH_7.6p1) that is susceptible to the “SSHtranger Things” attack. If a victim tries to connect to a malicious/compromised SSH server this attack may be used to write/overwrite sensitive files.

By overwriting sensitive script files (e.g. “.bashrc”) this may allow an unauthenticated attacker to obtain Remote Code Execution (RCE) on the victim’s system.

Vendor Disclosure:

The vendor's disclosure and fix for this vulnerability can be found here.

Requirements:

This vulnerability requires:

Successful SSH MITM
OR
Social engineering to convince a legitimate SD-WAN user to connect to a malicious SSH server

Proof Of Concept:

More details and the exploitation process can be found in this PDF.

Additional Information:

PoC for CVE-2019-6111 and CVE-2019-6110

Name		Name	Last commit message	Last commit date
Latest commit History 3 Commits
Cisco SD-WAN - SSHtranger Things.pdf		Cisco SD-WAN - SSHtranger Things.pdf
README.md		README.md

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Repository files navigation

MAL-008: SSHtranger Things (CVE-2019-6111, CVE-2019-6110) in Cisco SD-WAN

Vendor Disclosure:

Requirements:

Proof Of Concept:

Additional Information:

About

mbadanoiu/MAL-008

Folders and files

Latest commit

History

Repository files navigation

MAL-008: SSHtranger Things (CVE-2019-6111, CVE-2019-6110) in Cisco SD-WAN

Vendor Disclosure:

Requirements:

Proof Of Concept:

Additional Information:

About

Topics

Resources

Stars

Watchers

Forks