https://community.cisco.com/t5/network-access-control/cisco-cve-2024-6387-openssh-server-regresshion/m-p/5143495#M590555 <P>Hello,<BR />In this bug ID, details needs to be clear like what about 3.1 Patch 5, 6, 7, 8,9 which is vulnerable or not?<BR />Because, we got an alert from our internal SOC team that few of the servers running with 3.1 patch 8 is affected and few are not affected which is very confusing.<BR /><BR />I tried to check the openssh version on the Cisco ISE nodes but there is no details how to verify this <span class="lia-unicode-emoji" title=":disappointed_face:">😞</span></P><P>Does anyone knows how to verify if the machine is affected or not by this vulnerability?<BR /><BR /><A href="https://tools.cisco.com/bugsearch/bug/CSCwk61938" target="_blank">https://tools.cisco.com/bugsearch/bug/CSCwk61938</A><BR /><BR />Thanks,<BR />Saravana</P> Thu, 11 Jul 2024 11:04:59 GMT Saravana17 2024-07-11T11:04:59Z https://community.cisco.com/t5/network-access-control/cisco-cve-2024-6387-openssh-server-regresshion/m-p/5142801#M590525 <P><A href="https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-openssh-rce-2024?emailclick=CNSemail" target="_blank" rel="noopener">https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-openssh-rce-2024?emailclick=CNSemail</A></P><TABLE><TBODY><TR><TD>Identity Services Engine (ISE)</TD><TD><A href="https://tools.cisco.com/bugsearch/bug/CSCwk61938" target="_blank" rel="noopener">CSCwk61938</A></TD><TD>3.3 patch (Jul 2024)<BR />3.2 patch (Sep 2024)<BR />3.1 patch (Jan 2025)</TD></TR></TBODY></TABLE><P>None of the patches listed above is available.</P><P>According to this article, ISE 3.2 patch-x is vulnerable; however, in the same article, it references a bug ID&nbsp;<A href="https://tools.cisco.com/bugsearch/bug/CSCwk61938" target="_blank" rel="noopener">https://tools.cisco.com/bugsearch/bug/CSCwk61938</A>&nbsp;and stated that the issue is fixed.&nbsp;</P><P>Thoughts?</P><P>&nbsp;</P> Wed, 10 Jul 2024 11:23:53 GMT https://community.cisco.com/t5/network-access-control/cisco-cve-2024-6387-openssh-server-regresshion/m-p/5142801#M590525 adamscottmaster2013 2024-07-10T11:23:53Z https://community.cisco.com/t5/network-access-control/cisco-cve-2024-6387-openssh-server-regresshion/m-p/5142804#M590526 <P>Looks like Cisco is updating the bugID since I read it yesterday:&nbsp;&nbsp;</P><P>&nbsp;</P><P><STRONG>Workaround:</STRONG><SPAN> Cisco is working on a hotpatch for 3.1 and 3.2. Permanent fix is planned for 3.1 patch 10 and 3.2 patch 7 Fix for 3.3 is available in patch 3 - ETA July 16th </SPAN></P> Wed, 10 Jul 2024 11:25:57 GMT https://community.cisco.com/t5/network-access-control/cisco-cve-2024-6387-openssh-server-regresshion/m-p/5142804#M590526 adamscottmaster2013 2024-07-10T11:25:57Z https://community.cisco.com/t5/network-access-control/cisco-cve-2024-6387-openssh-server-regresshion/m-p/5143495#M590555 <P>Hello,<BR />In this bug ID, details needs to be clear like what about 3.1 Patch 5, 6, 7, 8,9 which is vulnerable or not?<BR />Because, we got an alert from our internal SOC team that few of the servers running with 3.1 patch 8 is affected and few are not affected which is very confusing.<BR /><BR />I tried to check the openssh version on the Cisco ISE nodes but there is no details how to verify this <span class="lia-unicode-emoji" title=":disappointed_face:">😞</span></P><P>Does anyone knows how to verify if the machine is affected or not by this vulnerability?<BR /><BR /><A href="https://tools.cisco.com/bugsearch/bug/CSCwk61938" target="_blank">https://tools.cisco.com/bugsearch/bug/CSCwk61938</A><BR /><BR />Thanks,<BR />Saravana</P> Thu, 11 Jul 2024 11:04:59 GMT https://community.cisco.com/t5/network-access-control/cisco-cve-2024-6387-openssh-server-regresshion/m-p/5143495#M590555 Saravana17 2024-07-11T11:04:59Z https://community.cisco.com/t5/network-access-control/cisco-cve-2024-6387-openssh-server-regresshion/m-p/5146447#M590697 <P>it is now July 18. and a fix/update has not been released yet</P> Thu, 18 Jul 2024 06:00:12 GMT https://community.cisco.com/t5/network-access-control/cisco-cve-2024-6387-openssh-server-regresshion/m-p/5146447#M590697 DCampus 2024-07-18T06:00:12Z https://community.cisco.com/t5/network-access-control/cisco-cve-2024-6387-openssh-server-regresshion/m-p/5148547#M590796 <P>Unfortunately the "Fix" to ISE3.3, with Patch 3 that is now out, is NOT a fix.&nbsp; &nbsp; The OpenSSH version that fixes the issue is 9.8.&nbsp; &nbsp;Going from Patch2 to Patch3 brought me from OpenSSH v8.8 to OpenSSH v9.1, NOT the 9.8 required to fix it?&nbsp; &nbsp;They say this is a "workaround", but I see nothing in the CVE that mentions 9.1 being an acceptable workaround?</P><P>&nbsp;</P><P>&nbsp;</P> Mon, 22 Jul 2024 21:06:01 GMT https://community.cisco.com/t5/network-access-control/cisco-cve-2024-6387-openssh-server-regresshion/m-p/5148547#M590796 cnorborg 2024-07-22T21:06:01Z https://community.cisco.com/t5/network-access-control/cisco-cve-2024-6387-openssh-server-regresshion/m-p/5154378#M591013 <P>Hi&nbsp;<a href="https://community.cisco.com/t5/user/viewprofilepage/user-id/158670">@cnorborg</a>&nbsp;,<BR />Yes, you are right. the hotpatch upgraded Openssh version to 9.1 but not to the remediated version as 9.8 or later. Yesterday I tested with 3.1 hotpatch as well but it's same.<BR />Not sure if any revised hotpatch will be released?<BR /><BR />Thanks,<BR />Saravana</P> Thu, 01 Aug 2024 07:00:51 GMT https://community.cisco.com/t5/network-access-control/cisco-cve-2024-6387-openssh-server-regresshion/m-p/5154378#M591013 Saravana17 2024-08-01T07:00:51Z https://community.cisco.com/t5/network-access-control/cisco-cve-2024-6387-openssh-server-regresshion/m-p/5157227#M591128 <P>Hi anyone updated their ise to 3.4.0? It says in the release notes that the&nbsp;CSCwk61938 is resolved. See release notes:&nbsp;&nbsp;<SPAN><SPAN class=""><A title="https://www.cisco.com/c/en/us/td/docs/security/ise/3-4/release_notes/b_ise_34_rn.html" href="https://www.cisco.com/c/en/us/td/docs/security/ise/3-4/release_notes/b_ise_34_RN.html" target="_blank" rel="noreferrer noopener">https://www.cisco.com/c/en/us/td/docs/security/ise/3-4/release_notes/b_ise_34_RN.html</A></SPAN></SPAN></P> Wed, 07 Aug 2024 15:52:13 GMT https://community.cisco.com/t5/network-access-control/cisco-cve-2024-6387-openssh-server-regresshion/m-p/5157227#M591128 SamCruz92287 2024-08-07T15:52:13Z https://community.cisco.com/t5/network-access-control/cisco-cve-2024-6387-openssh-server-regresshion/m-p/5159361#M591178 <P>Hi All,<BR />It's good to know that now Cisco updated that clearly this vulnerability is fixed on the released hotpatches (Openssh V9.1).&nbsp;<BR />Below is updated on the bug details,<BR /><SPAN>NOTE: Cisco uses a customized library for SSH, the fix for this vulnerability is implemented in CiscoSSH 1.13.48 (based on OpenSSH 9.1)</SPAN><BR /><BR /><BR />Thanks,<BR />Saravana</P> Mon, 12 Aug 2024 06:30:29 GMT https://community.cisco.com/t5/network-access-control/cisco-cve-2024-6387-openssh-server-regresshion/m-p/5159361#M591178 Saravana17 2024-08-12T06:30:29Z https://community.cisco.com/t5/network-access-control/cisco-cve-2024-6387-openssh-server-regresshion/m-p/5159619#M591187 <P>Below?&nbsp; &nbsp;Did you forget to post a link or something?&nbsp;</P> Mon, 12 Aug 2024 14:17:36 GMT https://community.cisco.com/t5/network-access-control/cisco-cve-2024-6387-openssh-server-regresshion/m-p/5159619#M591187 cnorborg 2024-08-12T14:17:36Z https://community.cisco.com/t5/network-access-control/cisco-cve-2024-6387-openssh-server-regresshion/m-p/5159625#M591188 <P>No, It's mentioned on the same Cisco bug ID link,<BR /><BR /><A href="https://tools.cisco.com/bugsearch/bug/CSCwk61938" target="_blank">https://tools.cisco.com/bugsearch/bug/CSCwk61938</A><BR /><BR />Thanks,<BR />Saravana</P> Mon, 12 Aug 2024 14:37:02 GMT https://community.cisco.com/t5/network-access-control/cisco-cve-2024-6387-openssh-server-regresshion/m-p/5159625#M591188 Saravana17 2024-08-12T14:37:02Z https://community.cisco.com/t5/network-access-control/cisco-cve-2024-6387-openssh-server-regresshion/m-p/5164560#M591345 <P>I have done this as well.&nbsp; ISE 3.3 patch 3 is NOT reporting as compliant and it is NOT fixing this vulnerability.</P> Thu, 22 Aug 2024 16:00:01 GMT https://community.cisco.com/t5/network-access-control/cisco-cve-2024-6387-openssh-server-regresshion/m-p/5164560#M591345 Chris_Schubert 2024-08-22T16:00:01Z https://community.cisco.com/t5/network-access-control/cisco-cve-2024-6387-openssh-server-regresshion/m-p/5165711#M591377 <P>Hi,<BR />How did you verify that if this is not compliant?<BR /><BR />As per cisco below update,&nbsp;<BR /><BR /><SPAN>NOTE: Cisco uses a customized library for SSH, the fix for this vulnerability is implemented in CiscoSSH 1.13.48 (based on OpenSSH 9.1)</SPAN><BR /><BR /><A href="https://tools.cisco.com/bugsearch/bug/CSCwk61938" target="_blank" rel="nofollow noopener noreferrer">https://tools.cisco.com/bugsearch/bug/CSCwk61938</A><BR /><BR />Thanks,<BR />Saravana</P> Sun, 25 Aug 2024 20:46:45 GMT https://community.cisco.com/t5/network-access-control/cisco-cve-2024-6387-openssh-server-regresshion/m-p/5165711#M591377 Saravana17 2024-08-25T20:46:45Z