03-28-2019 03:22 AM
Hello,
I have a couple of cisco SF350-48MP switches and i have the vulnerability of libssh version which is lower than 0.7.6 or lower than 0.8.4.
Yesterday i upgraded the firmware version from tesla 2.3.0.130 to tesla 2.4.5.71 to try to resolve this vulnerability.
In the Document "Open Source Used in 250, 350, 350X and 550X series Switches 2.4.5.x" it says that libssh version that is used is 0.7.5 (which is still lower then the version i need), but i need to see this on my switches to be sure of the version that is used and I'm not finding a command to show this.
When i do "show ip ssh" is says that the version is "SSH 2.0-OpenSSH_7.4p1 Debian-10+deb9u3" .
In the Document i mentioned before it says that the OpenSSH used on this Firmware version is OpenSSH 7.3p1 and so I am being skeptical on libssh version and i want to check it.
Please if anyone can help me with a command or a method to find out libssh version, i will be thankful.
03-28-2019 03:28 AM
Hi there,
Check the "open source used" document for the SG350x. It looks like the same libraries are used for the entire 2.4.5x train, which means your latest version is still using libssh v0.7.5 :
cheers,
Seb.
03-28-2019 06:22 AM
Hi Sab,
Thanks for your reply.
I checked that document and from there i saw that the libssh version is 0.7.5 and open ssh version is 7.3p1.
I checked the open ssh version on my switches and it is actually 7.4p1, and this made me think if maybe the libssh is updated and is higher then 0.7.5 on 2.4.5.71 patch.
Regards
03-28-2019 06:58 AM
We are at the mercy of out of date documentation! I do not believe there is any other way to determine the library version.
cheers,
Seb.
03-29-2019 02:33 AM
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide