topic Re: FTD and FMC 7.4.1.1 downgrades SSH to 9.1 - Now more vulnerable in Network Security

FTD and FMC 7.4.1.1 downgrades SSH to 9.1 - Now more vulnerable

kbenedict1 — Tue, 30 Apr 2024 03:09:29 GMT

Title says it all. Anyone encounter this yet?

Re: FTD and FMC 7.4.1.1 downgrades SSH to 9.1 - Now more vulnerable

Mark Elsen — Tue, 30 Apr 2024 05:42:11 GMT

>...Title says it all.
- It doesn't or even 'far less' ;

- How did you determine that SSH was downgraded , how do you retrieve the 9.1 version info ?
- Why do you think it is now more vulnerable ? What testing methodologies did you use to conclude that ?

Re: FTD and FMC 7.4.1.1 downgrades SSH to 9.1 - Now more vulnerable

kbenedict1 — Tue, 30 Apr 2024 10:41:09 GMT

Putty event log reports 9.1 is the remote client.

Nessus scan reports 9.1.

CVE-2023-48795, CVE-2023-51384, CVE-2023-51385 are the known vulnerabilities.

Any other questions? I was hoping for a Cisco response on why they’re are packaging vulnerable versions of SSH in new software upgrades, not a challenge of basic understanding of viewing a putty log and looking up known CVEs.

Re: FTD and FMC 7.4.1.1 downgrades SSH to 9.1 - Now more vulnerable

Mark Elsen — Tue, 30 Apr 2024 12:17:26 GMT

>... I was hoping for a Cisco response
- You are on a support forum populated by Cisco customers on a volunteering basis. For official support and letting Cisco know your concerns you need to create a TAC case ,

Re: FTD and FMC 7.4.1.1 downgrades SSH to 9.1 - Now more vulnerable

kbenedict1 — Tue, 30 Apr 2024 12:23:07 GMT

Opening a TAC case was the first thing I did. I was wondering if anyone else is encountering this, and if they are, what are they doing. Anyone who has to meet any sort of compliance should be talking about this. It's odd that it's eerily quiet.

Re: FTD and FMC 7.4.1.1 downgrades SSH to 9.1 - Now more vulnerable

Mark Elsen — Tue, 30 Apr 2024 12:34:22 GMT

- I can follow you on those considerations and or perhaps others already having TAC cases launched and getting insights (sometimes....) ,

Re: FTD and FMC 7.4.1.1 downgrades SSH to 9.1 - Now more vulnerable

Mark Elsen — Tue, 30 Apr 2024 12:58:43 GMT

(-Added) : https://sec.cloudapps.cisco.com/security/center/home.x#:

Re: FTD and FMC 7.4.1.1 downgrades SSH to 9.1 - Now more vulnerable

Marvin Rhoads — Tue, 30 Apr 2024 19:10:31 GMT

My Firepower 7.2.5 reports OpenSSH 8.0.

I scanned a 7.4.1.1 FMC and it reports 9.1 (as does a 7.6 beta FMC)

What version did you see with something higher than 9.1?

Re: FTD and FMC 7.4.1.1 downgrades SSH to 9.1 - Now more vulnerable

kbenedict1 — Tue, 30 Apr 2024 19:21:06 GMT

Yes, it's 9.1 for 7.4.1.1. The problem is that the aforementioned CVEs are all about SSH versions less than 9.6. I understand that Cisco says they're not vulnerable, but many are, so I'm wondering why they think they're not.

Re: FTD and FMC 7.4.1.1 downgrades SSH to 9.1 - Now more vulnerable

Marvin Rhoads — Wed, 01 May 2024 03:04:18 GMT

It appears some FX-OS versions are affected and that Cisco has developed a fix internally that is not yet posted.

The "Fixed release" build number can be a bit challenging to decipher but it appears 2.14.1.149 and higher have the fix (2.14.1.143 is the latest available on the downloads site as of today (1 May 2024).

Reference: https://bst.cisco.com/bugsearch/bug/CSCwi60430

I would cite that in your open TAC case. Please let us know what they say.

I have yet to see where Cisco downgraded any previously included OpenSSH module present in any previously released FMC or FTD.