Cisco Secure Firewall ASA SSH Key-Based Authentication Bypass Vulnerability

Vulnerability

A vulnerability in the proprietary SSH stack of Cisco Secure Firewall Adaptive Security Appliance (ASA) Software, versions 9.17.1 and later, could allow an unauthenticated, remote attacker to log in and execute commands as a specific user. The flaw stems from insufficient validation of user-supplied input during SSH authentication. An attacker could exploit it by sending crafted input during SSH key-based authentication with a valid username and the public key configured for that user, without possessing the corresponding private key. Exploitation does not grant root access.

Impact

A successful exploit lets the attacker authenticate over SSH as the targeted user without the private key that key-based authentication is supposed to require, and then execute commands on the device with that user's privileges. The attacker does not obtain root access.
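To make the bypass concrete, here is an added example (written for this page, not Cisco's code, and not a description of the ASA defect, which the advisory does not detail) of the RFC 4252 section 7 "publickey" contract that any key-based authentication bypass violates: a client that offers a valid username and public key without a signature may only ever receive PK_OK, and the signature flag in the request is attacker-controlled, so the server must verify a signature over the session identifier and the request under its own copy of the authorized key. The Go program uses the standard library's crypto/ed25519; wire decoding is omitted and the request is represented as already-parsed fields; the session identifier, user name and key pairs are constructed sample values, and all function and type names are this example's own.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"encoding/binary"
	"errors"
	"fmt"
)

const msgUserauthRequest byte = 50 // RFC 4252 SSH_MSG_USERAUTH_REQUEST

// Server decisions. PK_OK only says the key would be acceptable; it is not a login.
const authFailure, authPKOK, authSuccess = "FAILURE", "PK_OK", "SUCCESS"

// request holds the decoded fields of a "publickey" USERAUTH_REQUEST (RFC 4252 section 7).
// Wire decoding is left out of this example; every field here is attacker-controlled input.
type request struct {
	User, Service, Method, Algorithm, KeyBlob string
	HasSignature                              bool   // the RFC 4252 boolean: FALSE = key query only
	Signature                                 []byte // raw 64-byte Ed25519 signature when HasSignature
}

// sshString encodes the SSH wire "string" type: uint32 big-endian length, then the bytes.
func sshString(s string) []byte {
	var n [4]byte
	binary.BigEndian.PutUint32(n[:], uint32(len(s)))
	return append(n[:], s...)
}

// keyBlob is the ssh-ed25519 public key encoding from RFC 8709: string "ssh-ed25519" || string key.
func keyBlob(pub ed25519.PublicKey) string {
	return string(append(sshString("ssh-ed25519"), sshString(string(pub))...))
}

// signedData is what RFC 4252 section 7 makes the client sign; leading with the session id
// binds the signature to this connection, so a captured one cannot be replayed elsewhere.
func signedData(sessionID string, r request) []byte {
	d := append(sshString(sessionID), msgUserauthRequest)
	for _, s := range []string{r.User, r.Service, "publickey"} {
		d = append(d, sshString(s)...)
	}
	d = append(d, 1) // boolean TRUE: the signed form always carries a signature
	return append(d, append(sshString(r.Algorithm), sshString(r.KeyBlob)...)...)
}

// buildRequest is the client side. priv == nil yields the signature-less query that anyone
// holding only the public key can send; with priv it produces the genuine signed request.
func buildRequest(sessionID, user string, pub ed25519.PublicKey, priv ed25519.PrivateKey) request {
	r := request{User: user, Service: "ssh-connection", Method: "publickey",
		Algorithm: "ssh-ed25519", KeyBlob: keyBlob(pub)}
	if priv != nil {
		r.HasSignature = true
		r.Signature = ed25519.Sign(priv, signedData(sessionID, r))
	}
	return r
}

// checkPublicKeyAuth is the server side. Matching an authorized key earns PK_OK only; login needs
// a signature over session id and request that verifies under the server's own copy of the key.
func checkPublicKeyAuth(sessionID string, authorized map[string][]ed25519.PublicKey, r request) (string, error) {
	if r.Method != "publickey" || r.Algorithm != "ssh-ed25519" {
		return authFailure, errors.New("unsupported method or algorithm")
	}
	var pub ed25519.PublicKey
	for _, k := range authorized[r.User] {
		if keyBlob(k) == r.KeyBlob {
			pub = k
		}
	}
	if pub == nil {
		return authFailure, nil
	}
	if !r.HasSignature {
		return authPKOK, nil // a public key is not a secret; nothing has been proved yet
	}
	// Verify returns false for a missing, short or forged signature; the flag alone proves nothing.
	if !ed25519.Verify(pub, signedData(sessionID, r), r.Signature) {
		return authFailure, nil
	}
	return authSuccess, nil
}

// runScenarios feeds constructed requests to the check: a public-key-only query, a request that
// sets the signature flag but carries no signature, a wrong-key signature, and a genuine one.
func runScenarios() (query, flagOnly, wrongKey, genuine string) {
	pub, priv, _ := ed25519.GenerateKey(rand.Reader)
	_, otherPriv, _ := ed25519.GenerateKey(rand.Reader)
	sid := "constructed-session-id" // a real session id comes from key exchange
	authorized := map[string][]ed25519.PublicKey{"admin": {pub}}
	forged := buildRequest(sid, "admin", pub, nil)
	forged.HasSignature = true // crafted input: claims a signature the sender cannot produce
	query, _ = checkPublicKeyAuth(sid, authorized, buildRequest(sid, "admin", pub, nil))
	flagOnly, _ = checkPublicKeyAuth(sid, authorized, forged)
	wrongKey, _ = checkPublicKeyAuth(sid, authorized, buildRequest(sid, "admin", pub, otherPriv))
	genuine, _ = checkPublicKeyAuth(sid, authorized, buildRequest(sid, "admin", pub, priv))
	return
}

func main() {
	fmt.Println(runScenarios()) // prints: PK_OK FAILURE FAILURE SUCCESS
}
```

Run it with `go run`. The two middle results are the ones that matter for this advisory: a username plus its public key, or a request that merely asserts a signature, must never get past PK_OK. When a server lets either of them through, the defect is in its own validation of the request, which is why the remedy is a fixed software release rather than a client-side setting.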

Remediation

Cisco has released software updates that address this vulnerability. For upgrade guidance, see the Cisco Secure Firewall ASA Upgrade Guide; to identify the appropriate fixed release for a given deployment, use the Cisco Software Checker.

Added: Mar 4, 2026, 6:56 PM
Updated: Mar 4, 2026, 6:56 PM

Vulnerability Rating

Custom Algorithm
spread          6.8
impact          1.3
exploitability  5.9
remediation     7.7
relevance       3.5
threat          0.0
urgency         2.9
incentive       0.0

Our algorithm analyzes dozens of metrics to produce these eight vulnerability categories, which are then combined into the overall risk score.