Re: OpenSSH vulnerability firepower

miteshkumar-patel · ‎03-17-2024

I have Vulnerability comes in scan for openssh. Currently have openssh 8.0 version on firepower. can anyone suggest what version is good for firepower currently. Or is 8.0 ssh version is ok? Appreciate your response.

balaji.bandi · ‎03-18-2024

that should be ok i guess - again check what version of FTD code running, some version have new fix :

https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvy13543

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

moeez-hussain · ‎03-25-2024

Dear Experts,

below listed devices are running on my network with their respective IOS versions mentioned, now it seems like the IOS is the suggested one as it is stable. But once our security advisor runs a VA/PT Test on it show OpenSSH Vulnerabilities can any one tell me if there any Hot Fixes available to get them fixed ? These Vulnerabilities are marked as High and IOS is the updated one how to get these fixed. Below is the list of Vulnerabilities local vendor support have no clue or any idea about it.

OpenSSH XMSS Pre-authentication Integer Overflow Vulnerability

OpenSSH scp.c Remote Function Command Injection

OpenSSH sshd Improper Privilege Management

OpenSSH XMSS Pre-authentication Integer Overflow Vulnerability

OpenSSH scp.c Remote Function Command Injection

OpenSSH sshd Improper Privilege Management

Firepower Management Center:

Secure Firewall Management center VM

Version:7.2.5.1 (Build 29)

OS: Fx-OS 2.12.0 (Build 519)

Firewall-1:

Cisco Firepower 1140 with FTD

Version:7.2.5.1 (suggested version)

Firewall-2:

Cisco Firepower 1140 with FTD

Version:7.2.5.1

kbenedict1 · ‎04-29-2024

Every Firepower software has a vulnerable SSH version I believe. The most recent 7.4.1.1 has 9.1 which is incredibly low and vulnerable.

engineer467 · ‎07-11-2024

Is there a to find out which firepower image have openssh version 9.8?

Thank you.