Cisco ISE 3.4.0.608 Vulnerability

jm-barreto — Mon, 21 Apr 2025 16:56:20 GMT

Greetings

My vulnerability Scan show that my ISE server have 2 vulnerability in version 3.4.0.608

PKIX-SSH Prefix Truncation Attacks in SSH Specification (Terrapin Attack)

"Update to version 14.4 or later.

Notes:

- Client and Server implementations need to run a fixed version to mitigate this flaw

- Please create an override for this result if an adequate mitigation (e.g. in form of disabling

the affected ciphers) has been applied and the risk is accepted that the mitigation won't be

reverted again in the future"

CVE-2023-48795

--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------

SSL/TLS: Renegotiation DoS Vulnerability (CVE-2011-1473, CVE-2011-5094)

"Users should contact their vendors for specific patch information.

A general solution is to remove/disable renegotiation capabilities altogether from/in the affected

SSL/TLS service."

CVE-2011-1473,CVE-2011-5094

"The flaw might make it easier for remote attackers to cause a

DoS (CPU consumption) by performing many renegotiations within a single connection."

Its there any fix or patch upgrade to fix this? I mostly use the ISE for Device Administration (TACACS)

Thanks in advance

Re: Cisco ISE 3.4.0.608 Vulnerability

ahollifield — Tue, 22 Apr 2025 13:45:31 GMT

What patch level of 3.4? Note that Cisco uses a customized version of OpenSSH. These are most likely false positives.

Re: Cisco ISE 3.4.0.608 Vulnerability

Marcelo Morais — Wed, 23 Apr 2025 05:48:06 GMT

Hi @jm-barreto ,

please take a look at: Cisco Security Advisories - Identity Services Engine.

Note: I didn't find the CVE-2011-1473, CVE-2011-5094 or CVE-2023-48795.

Hope this helps !!!

topic Re: Cisco ISE 3.4.0.608 Vulnerability in Network Access Control

Cisco ISE 3.4.0.608 Vulnerability

Re: Cisco ISE 3.4.0.608 Vulnerability

Re: Cisco ISE 3.4.0.608 Vulnerability