by Robinson Roca, Practice Leader – Network Infrastructure
Recently the “Bug Bounty Project”, an endeavor run by the European Union has uncovered a few very risky vulnerabilities in a well know and popular application called PuTTy. PuTTY is a software terminal emulator for Windows and Linux. It provides a text user interface to remote computers running any of its supported protocols, including SSH and Telnet. PuTTy can also be used to create secured tunnels over networks. This tool is used most often as a means of management connectivity to network equipment such as; Citrix NetScaler, switches, firewalls, routers, Linux servers, and even to access Power Shell in Microsoft Windows environments.
These recently discovered vulnerabilities introduces the following risks:
These risks create the possibility of a man in the middle attack. An (MITM) is when perpetrator positions himself in a conversation between a user and an application, either to eavesdrop or to impersonate one of the parties, making it appear as if a normal exchange of information is underway. Patched executables have been released and are available for download.
Helient makes our services available to you to mitigate this vulnerability, simply open a ticket and let us know that you would like to upgrade your installation of PuTTy to mitigate the recent vulnerabilities, and we will ensure all installed versions of PuTTy in your environment have been upgraded.
For your reference, The Common Vulnerabilities and Exposure designations are below:
If you have any questions or need assistance with PuTTy, please contact us at service@helient.com.