CSCwk61938 - ISE Evaluate OpenSSH CVE-2024-6387 "regreSSHion" - 3.3p3

08-22-2024 09:08 AM
Cisco ISE 3.3 Patch 3 still reports as vulnerable. I even tried installing the 3.2 hotfix to get this remediated, but without success.
We need a fix as we need to close this vulnerability.
Accepted Solutions
08-22-2024 11:06 AM
- If security requirements are high then only using SSH when needed is currently the only option, indeed
M.
-- Each morning when I wake up and look into the mirror I always say 'Why am I so brilliant?'
When the mirror will then always respond to me with 'The only thing that exceeds your brilliance is your beauty!'

08-27-2024 10:22 AM
Answer from Cisco TAC for Cisco ISE 3.3 with Patch 3
"The vulnerability is fixed on 3.3 patch 3. So, you should be good on version 3.3 patch 3. If the vulnerability scanner still flags ISE on 3.3 patch 3, it is because it is using a variation of OpenSSH 9.1. But this modified version addresses the vulnerability. So you can safely discard the vulnerability scan."
08-22-2024 10:10 AM
>....We need a fix as we need to close this vulnerability.
Your only 'talking point' for that is TAC, this group more discusses overall issues with bugs
M/
-- Each morning when I wake up and look into the mirror I always say 'Why am I so brilliant?'
When the mirror will then always respond to me with 'The only thing that exceeds your brilliance is your beauty!'
08-22-2024 10:31 AM
Got the TAC case, but 2 days without any update. I was wondering if anyone else is going through this.
I think my best option to meet my company deadlines if I don't hear back is to turn off ssh, which is not a great option, but I'm not in a rush to install 3.4 on production servers as it was just released.
08-27-2024 10:30 AM
- I guess that's ok, but the last sentences are a bit strange 'in legal terms'; I am not exactly sure what to make of that
(but if they give you guarantees I guess you should be in a 'greenfield' (smile))
M
-- Each morning when I wake up and look into the mirror I always say 'Why am I so brilliant?'
When the mirror will then always respond to me with 'The only thing that exceeds your brilliance is your beauty!'
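
The TAC answer in this thread comes down to a limit of banner-based scanning: the scanner sees only the upstream base version in the SSH banner, not a fix backported by the vendor. The sketch below is an added example, not part of the thread and not Cisco or scanner-vendor code; it triages such findings against a register of vendor statements so a flagged host is closed with a documented reference instead of being silently discarded. Host names, banners, the second release and the case reference are constructed placeholders.

```python
import re

# CVE-2024-6387 affects upstream OpenSSH 8.5p1 up to, but not including, 9.8p1.
# Releases older than 4.4p1 are a separate legacy case and are flagged for review.
FIRST_AFFECTED, FIRST_FIXED, LEGACY_BELOW = (8, 5), (9, 8), (4, 4)
BANNER_RE = re.compile(r"^SSH-[\d.]+-OpenSSH_(\d+)\.(\d+)")


def banner_version(banner):
    """Return (major, minor) from an SSH identification string, or None."""
    m = BANNER_RE.match(banner.strip())
    return (int(m.group(1)), int(m.group(2))) if m else None


def triage(finding, vendor_statements):
    """Classify one banner-based scanner finding.

    vendor_statements maps (product, release) to a reference for a vendor
    confirmation that the fix was backported into that build.
    """
    version = banner_version(finding["banner"])
    if version is None:
        return "unknown-banner"
    if version < LEGACY_BELOW:
        return "legacy-review"
    if not (FIRST_AFFECTED <= version < FIRST_FIXED):
        return "not-in-affected-range"
    # The banner shows only the upstream base version; a backport is invisible to it.
    ref = vendor_statements.get((finding["product"], finding["release"]))
    return f"vendor-fixed ({ref})" if ref else "open-needs-vendor-confirmation"


# Constructed sample data: hosts, banners and the case reference are placeholders.
VENDOR_STATEMENTS = {("Cisco ISE", "3.3 patch 3"): "TAC case <case-id>"}
FINDINGS = [
    {"host": "ise-psn-01", "product": "Cisco ISE", "release": "3.3 patch 3",
     "banner": "SSH-2.0-OpenSSH_9.1"},
    {"host": "ise-psn-02", "product": "Cisco ISE", "release": "3.3 patch 2",
     "banner": "SSH-2.0-OpenSSH_9.1"},
    {"host": "jump-01", "product": "Linux", "release": "n/a",
     "banner": "SSH-2.0-OpenSSH_9.8p1 Debian-1"},
]

if __name__ == "__main__":
    for f in FINDINGS:
        print(f["host"], "->", triage(f, VENDOR_STATEMENTS))
```

Two hosts with the same banner end up in different states here, which is the point: the version string alone cannot settle the finding either way.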
