Solved: ACE - Upgrade OpenSSH version w/o upgrading software image

tadeo · ‎08-07-2015

Hello all,

We have a couple of ACE-4710-K9 on our network, and a recent security scan detected that the current version of OpenSSH has a critical vulnerability regarding cookies, and that we need to upgrade it to a version above OpenSSH 4.7.

Is this possible to upgrade this without changing the software image on the devices, and without affecting said devices functions?

Here's the current software on the ACEs:

Software
loader: Version 0.95.1
system: Version A3(2.0) [build 3.0(0)A3(2.0) adbuild_17:35:22-2008/10/01_/auto/adbu-rel4/rel_a3_2_0_dev_build/REL_3_0_0_A3_2_0]
system image file: (hd0,1)/c4710ace-mz.A3_2_0.bin
Device Manager version 1.1 (0) 20080805:0415

If you need anything else, please let me know.

Thank you,

Regards,

Tadeo

Kanwaljeet Singh · ‎08-07-2015

Hi Tadeo,

I don't think you can upgrade or change open ssl version running on ACE without upgrading the image. But if you have a serious vulnerability i would suggest to report it to TAC for evaluation. You may also have a workaround or advisory from CISCO if the version is affected or has vulnerability.

Regards,

Kanwal

Note: Please mark answers if they are helpful.

View solution in original post

Kanwaljeet Singh · ‎08-07-2015

Hi Tadeo,

I don't think you can upgrade or change open ssl version running on ACE without upgrading the image. But if you have a serious vulnerability i would suggest to report it to TAC for evaluation. You may also have a workaround or advisory from CISCO if the version is affected or has vulnerability.

Regards,

Kanwal

Note: Please mark answers if they are helpful.