Summary

Nexpose physical appliances shipped with an SSH configuration that allowed obsolete algorithms to be used for key exchange and other functions. Because these algorithms are enabled, attacks involving authentication to the hardware appliances are more likely to succeed. We strongly encourage current hardware appliance owners to update their systems to harden their SSH configuration using the steps outlined under “Remediation” below. In addition, Rapid7 is working with the appliance vendor to ensure that future appliances will only allow desired algorithms.

This vulnerability is classified as CWE-327 (Use of a Broken or Risky Cryptographic Algorithm). Given that the SSH connection to the physical appliances uses the 'administrator' account, which does have sudo access on the appliance, the CVSS base score for this issue is 8.5.

Credit

Rapid7 warmly thanks Liam Somerville for reporting this vulnerability to us, as well as providing information throughout the investigation to help us resolve the issue quickly.

Am I affected?

All physical, hardware appliances are affected. Virtual appliances (downloadable virtual machines) are NOT affected.

Vulnerability Details

Nexpose Physical Appliances

The default SSH configuration of the hardware appliance enables potentially problematic algorithms which are considered obsolete.

KEX algorithms:

diffie-hellman-group-exchange-sha1, diffie-hellman-group14-sha1, diffie-hellman-group1-sha1,   
ssh-dss, ecdsa-sha2-nistp256, ssh-ed25519  

Encryption algorithms:

arcfour256, arcfour128, aes128-cbc, 3des-cbc, blowfish-cbc, cast128-cbc,   
aes192-cbc, aes256-cbc, arcfour, rijndael-cbc@lysator.liu.se  

MAC algorithms:

hmac-md5-etm@openssh.com, hmac-sha1-etm@openssh.com, umac-64-etm@openssh.com, hmac-ripemd160-etm@openssh.com,  
hmac-sha1-96-etm@openssh.com, hmac-md5-96-etm@openssh.com, hmac-md5, hmac-sha1, umac-64@openssh.com,   
hmac-ripemd160, hmac-ripemd160@openssh.com, hmac-sha1-96, hmac-md5-96  

These are supported by the version of OpenSSH used on the appliance, and should be disabled via explicit configuration that enables only desired algorithms.

Nexpose Virtual Appliances

The software appliances (downloadable virtual machines) are NOT affected by this issue. They specify desired algorithms, only allowing those generally recommended.

Remediation - Updated 2017/06/02

Before making any updates, first verify that your appliance is running Ubuntu 14.04 or above. You can determine the version by running "lsb_release -r”. If on 14.04, you should see output like “Release: 14.04”.

If appliance is running Ubuntu 12.04 or below: OS upgrade required

Please reach out to Rapid7 support for more information on upgrading. Ubuntu 12.04 reached End of Life in April 2017, and we strongly encourage you to update to a supported version. DO NOT continue with the changes below if you are not on 14.04 or above, as some of the configuration options will not be supported by older versions of OpenSSH.

If appliance is running Ubuntu 14.04 or above

The version of OpenSSH on base Ubuntu 14.04 (“OpenSSH_6.6.1p1 Ubuntu-2ubuntu2, OpenSSL 1.0.1f 6 Jan 2014”) will support the configuration changes below. If you updated from 12.04, you may want to update OpenSSH to the latest available version to ensure you have available security patches, but it is not required for this change. You can check you OpenSSH version by running “ssh -V”. The current latest for 14.04 is “OpenSSH_6.6.1p1 Ubuntu-2ubuntu2.8”

Note on verification and existing connections

Do not close the SSH session you use to make the configuration change until you first attempt a new connection and verify you are able to connect. This will enable you to stay connected in the event there is a problem with the edit and you need to revert and review, as active SSH sessions should not be closed even across service restarts. If you skip this step, you may lose the ability to connect over SSH, potentially meaning you need physical access or other means to fix the issue.

Configuration change

Administrators need to edit the /etc/ssh/sshd_config file on their Nexpose appliance. Before changing the configuration file, copy it (e.g. "sudo cp /etc/ssh/sshd_config /home/administrator") in case there is a problem during editing. Add the following lines (based on the guidelines available here) to the end of the file:

# Enable only modern ciphers, key exchange, and MAC algorithms  
# https://wiki.mozilla.org/Security/Guidelines/OpenSSH#Modern_.28OpenSSH_6.7.2B.29  
KexAlgorithms curve25519-sha256@libssh.org,ecdh-sha2-nistp521,ecdh-sha2-nistp384,ecdh-sha2-nistp256,diffie-hellman-group-exchange-sha256  
Ciphers chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr  
MACs hmac-sha2-512-etm@openssh.com,hmac-sha2-256-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-512,hmac-sha2-256,umac-128@openssh.com  

Please be careful to copy the entirety of the lines above, which may scroll horizontally in your browser. You can also copy from this gist. Depending on the version of SSH you have installed, there may be other configuration lines in that file for "KexAlgorithms", "Ciphers", and "MACs". If that is the case, remove or comment (add a"#" to the beginning of the line) those lines so that the desired configuration you add is sure to be respected.

Editing this file will require root access, so the appliance default "administrator" user, or another user with permission to sudo, will need to perform this step.

After updating the configuration file, verify that the changes made match the configuration above. This is important, as missing part of the configuration may result in a syntax error on service restart, and a loss of connectivity. You can run this command and compare the three output lines with the configuration block above:

egrep "KexAlgorithms|Ciphers|MACs" /etc/ssh/sshd_config  

After verifying the configuration change, restart the SSH service by running "service ssh restart". Once that completes, verify you can still connect via ssh client to the appliance in a separate terminal. Do not close the original terminal until you've successfully connected with a second terminal.

This change should not impact connections from Nexpose instances to the physical appliance (SSH is not used for this communication). The main impact is shoring up access by SSH clients such that they cannot connect to the appliance using obsolete algorithms.

We apologize for any inconvenience, and would like to warmly thank the customers that worked with us to test and troubleshoot these remediations.

Disclosure Timeline

  • Wed, May 10, 2017: Vulnerability reported to Rapid7
  • Wed, May 17, 2017: Vulnerability confirmed by Rapid7
  • Tue, May 23, 2017: Rapid7 assigned CVE-2017-5243 for this issue
  • Wed, May 31, 2017: Disclosed to MITRE
  • Wed, May 31, 2017: Public disclosure