https://community.cisco.com/t5/network-access-control/openssh-vulnerability-in-cisco-ise/m-p/5116042#M589622 <P>I went through the TAC process for this and I would like to save the next person some time. The mitigation configs from the bug report listed as the solution do stop OpenSSH connections but don't stop the scanner from seeing it as a vulnerability. Hope this helps!</P> Fri, 24 May 2024 20:24:34 GMT Kaleb Kwiatkowski 2024-05-24T20:24:34Z https://community.cisco.com/t5/network-access-control/openssh-vulnerability-in-cisco-ise/m-p/5097878#M589363 <P>Hello! A scan were made to my Cisco ISE and shown a vulnerability in OpenSSH, the recommendations were to upgrade OpenSSH to version &gt;9.6, do anyone knows if there is a CVE documented to this vuln? Or there is any documentation that explain to which version upgrade my ISE?</P> <P>ISE Version: 3.0.0.458<BR />Installed Patches: 5</P> <P>&nbsp;</P> Thu, 09 May 2024 18:35:00 GMT https://community.cisco.com/t5/network-access-control/openssh-vulnerability-in-cisco-ise/m-p/5097878#M589363 Arthur Martez 2024-05-09T18:35:00Z https://community.cisco.com/t5/network-access-control/openssh-vulnerability-in-cisco-ise/m-p/5098234#M589365 <P>CVE should be universal, so if you know the CVE you should be able to find it on cisco.com and see if it is fixed and what version/patch. Without that info there isn't much we can instruct you on. Whatever you use to scan should give you the CVE.</P> Thu, 09 May 2024 19:37:16 GMT https://community.cisco.com/t5/network-access-control/openssh-vulnerability-in-cisco-ise/m-p/5098234#M589365 Dustin Anderson 2024-05-09T19:37:16Z https://community.cisco.com/t5/network-access-control/openssh-vulnerability-in-cisco-ise/m-p/5098365#M589366 <P>Yeah, you were right, aparentelly is the&nbsp;CVE-2023-48795, but I only found solved bugs for other Cisco Devices, not for ISE, do you know if theres an announced patch for that CVE and for ISE?</P> Thu, 09 May 2024 19:54:45 GMT https://community.cisco.com/t5/network-access-control/openssh-vulnerability-in-cisco-ise/m-p/5098365#M589366 Arthur Martez 2024-05-09T19:54:45Z https://community.cisco.com/t5/network-access-control/openssh-vulnerability-in-cisco-ise/m-p/5098777#M589375 <P><A href="https://bst.cloudapps.cisco.com/bugsearch/bug/CSCwi57761" target="_blank">https://bst.cloudapps.cisco.com/bugsearch/bug/CSCwi57761</A></P> Thu, 09 May 2024 23:16:54 GMT https://community.cisco.com/t5/network-access-control/openssh-vulnerability-in-cisco-ise/m-p/5098777#M589375 Greg Gibbs 2024-05-09T23:16:54Z https://community.cisco.com/t5/network-access-control/openssh-vulnerability-in-cisco-ise/m-p/5116042#M589622 <P>I went through the TAC process for this and I would like to save the next person some time. The mitigation configs from the bug report listed as the solution do stop OpenSSH connections but don't stop the scanner from seeing it as a vulnerability. Hope this helps!</P> Fri, 24 May 2024 20:24:34 GMT https://community.cisco.com/t5/network-access-control/openssh-vulnerability-in-cisco-ise/m-p/5116042#M589622 Kaleb Kwiatkowski 2024-05-24T20:24:34Z https://community.cisco.com/t5/network-access-control/openssh-vulnerability-in-cisco-ise/m-p/5117794#M589641 <P>Thank you! It is really helpful</P> Mon, 27 May 2024 16:23:37 GMT https://community.cisco.com/t5/network-access-control/openssh-vulnerability-in-cisco-ise/m-p/5117794#M589641 Arthur Martez 2024-05-27T16:23:37Z