What is PKIX-SSH?
PKIX-SSH is a fork of OpenSSH which has been modified to support X.509 v3 certificate authentication. runZero often sees this on network management devices and baseband management controllers.
Latest PKIX-SSH vulnerability: regreSSHion
On July 1, 2024 the OpenSSH team released version 9.8p1 to address 2 vulnerabilities. The most critical of the two allows Remote Code Execution (RCE) by unauthenticated attackers under certain situations. This vulnerability was discovered by Qualys and dubbed “regreSSHion“.
For more details and guidance for locating OpenSSH please see our prior OpenSSH Rapid Response post.
On July 6, 2024 PKIX-SSH version 15.1 was released to address the regreSSHion vulnerability which impacted versions 13.3.2 to 15.0.
Are updates or workarounds available?
Version 15.1 was released to address the vulnerability.
How to find potentially vulnerable PKIX-SSH systems with runZero
For locating assets with the impacted PKIX versions go the Software Inventory and use the following query:
name:"Roumen Petrov PKIX-SSH" (version:>13.3.1 AND version:<15.1)Specific services can be found using the Service Inventory and the following query which will remove some of the versions known to be patched or otherwise not impacted:
protocol:ssh ( _service.product:="Roumen Petrov:PKIX-SSH:13.%" OR _service.product:="Roumen Petrov:PKIX-SSH:14.%" OR _service.product:="Roumen Petrov:PKIX-SSH:15.0" ) NOT (os:OpenBSD OR banner:"PKIX[13.2" )We have a canned query named “Rapid Response: OpenSSH regreSSHion RCE – PKIX-SSH” that can be used to locate potentially impacted systems.
About Version 2 Digital
Version 2 Digital is one of the most dynamic IT companies in Asia. The company distributes a wide range of IT products across various areas including cyber security, cloud, data protection, end points, infrastructures, system monitoring, storage, networking, business productivity and communication products.
Through an extensive network of channels, point of sales, resellers, and partnership companies, Version 2 offers quality products and services which are highly acclaimed in the market. Its customers cover a wide spectrum which include Global 1000 enterprises, regional listed companies, different vertical industries, public utilities, Government, a vast number of successful SMEs, and consumers in various Asian cities.
About runZero
runZero, a network discovery and asset inventory solution, was founded in 2018 by HD Moore, the creator of Metasploit. HD envisioned a modern active discovery solution that could find and identify everything on a network–without credentials. As a security researcher and penetration tester, he often employed benign ways to get information leaks and piece them together to build device profiles. Eventually, this work led him to leverage applied research and the discovery techniques developed for security and penetration testing to create runZero.
