OpenSSH 7.4 Not Installed Multiple Vulnerabilities

afesenko · ‎06-03-2019

Hello,

The following vulnerability was confirmed by the security scanner:

Multiple Vulnerabilities have been reported in OpenSSH v7.3 and earlier. These vulnerabilities if exploited will allow code execution, privilege escalation, information disclosure and denial of service attacks. Details: https://www.tenable.com/plugins/nnm/9855.

We have a number of vESA machines ver. 12.1 but they all are compiled with OpenSSH_6.6.1. I wonder whether some hotpatch is planned for some near future to address this vulnerability?

Thanks,

Andrii

dmccabej · ‎06-03-2019

Hello,

You can look for the CVE on our bug search tool to see if there's an existing defect for it and if that defect is resolved in a particular AsyncOS version. If not, you can open a TAC case and we can get one filed to evaluate the CVE(s).

You can also search for the CVE using the Cisco PSIRT advisory page: here.

Thanks!

-Dennis M.

OpenSSH 7.4 Not Installed Multiple Vulnerabilities

OpenSSH Multiple Vulnerabilities - Cisco ISE Version 3.2.0.401

N3548 ecounter OpenSSH < 9.6 Multiple Vulnerabilities

OpenSSH regreSSHion vulnerability in FMC

CSCwk62296 - Evaluation of ssp for OpenSSH regreSSHion vulnerability

Risk Meter Vulnerabilities