https://community.cisco.com/t5/network-security/cve-not-found-openssh-vulnerabilitiy/m-p/4540354#M1086821 <P>I have recently had some openSSH vulnerabilities show up on a report for some of my switches and routers and when I searched the CVE on Cisco's advisory page nothing came up.</P><P>&nbsp;</P><P>Is it safe to assume that this vulnerability does not affect my Cisco products? This CVE just showed up, CVE-2019-16905, and I want to make sure that it doesn't affect the device before saying it is a false positive. Any help would be appreciated.</P><P>&nbsp;</P><P>Thanks</P> Thu, 27 Jan 2022 14:23:02 GMT moorec43 2022-01-27T14:23:02Z https://community.cisco.com/t5/network-security/cve-not-found-openssh-vulnerabilitiy/m-p/4540354#M1086821 <P>I have recently had some openSSH vulnerabilities show up on a report for some of my switches and routers and when I searched the CVE on Cisco's advisory page nothing came up.</P><P>&nbsp;</P><P>Is it safe to assume that this vulnerability does not affect my Cisco products? This CVE just showed up, CVE-2019-16905, and I want to make sure that it doesn't affect the device before saying it is a false positive. Any help would be appreciated.</P><P>&nbsp;</P><P>Thanks</P> Thu, 27 Jan 2022 14:23:02 GMT https://community.cisco.com/t5/network-security/cve-not-found-openssh-vulnerabilitiy/m-p/4540354#M1086821 moorec43 2022-01-27T14:23:02Z https://community.cisco.com/t5/network-security/cve-not-found-openssh-vulnerabilitiy/m-p/4540374#M1086822 <P>May be condition as below :</P> <P>&nbsp;</P> <P><SPAN class="qtr-margin-top ">After analysis, Cisco has decided against performing additional actions on this product due to one of the following reasons:</SPAN></P> <P>&nbsp;</P> <P><SPAN class="qtr-margin-top "> - The product is no longer maintained, having reached End of Software Maintenance. </SPAN></P> <P><SPAN class="qtr-margin-top ">- The product is still being maintained, but a business decision was made not to upgrade the vulnerable product.</SPAN></P> <P><SPAN class="qtr-margin-top "> - The product uses the affected third-party component in such a way as to not be affected by these vulnerabilities. </SPAN></P> <P>&nbsp;</P> <P><SPAN class="qtr-margin-top "><STRONG>Conditions:</STRONG> Device with default configuration. </SPAN></P> Thu, 27 Jan 2022 14:39:15 GMT https://community.cisco.com/t5/network-security/cve-not-found-openssh-vulnerabilitiy/m-p/4540374#M1086822 balaji.bandi 2022-01-27T14:39:15Z https://community.cisco.com/t5/network-security/cve-not-found-openssh-vulnerabilitiy/m-p/4540832#M1086837 <BLOCKQUOTE><HR /><a href="https://community.cisco.com/t5/user/viewprofilepage/user-id/563102">@moorec43</a>&nbsp;wrote:<BR /> <P><SPAN>I have recently had some openSSH vulnerabilities show up on a report for some of my switches and routers and when I searched the CVE on Cisco's advisory page nothing came up.</SPAN></P> <HR /></BLOCKQUOTE> <P><A href="https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-confd-priv-esc-LsGtCRx4" target="_self" rel="nofollow noopener noreferrer">ConfD CLI Secure Shell Server Privilege Escalation Vulnerability</A></P> Fri, 28 Jan 2022 00:04:22 GMT https://community.cisco.com/t5/network-security/cve-not-found-openssh-vulnerabilitiy/m-p/4540832#M1086837 Leo Laohoo 2022-01-28T00:04:22Z