Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
3237
Views
0
Helpful
1
Replies

OpenSSH 7.4 Not Installed Multiple Vulnerabilities

afesenko
Cisco Employee
Cisco Employee

‎06-03-2019 12:25 PM

Hello,

 

The following vulnerability was confirmed by the security scanner:

Multiple Vulnerabilities have been reported in OpenSSH v7.3 and earlier. These vulnerabilities if exploited will allow code execution, privilege escalation, information disclosure and denial of service attacks. Details: https://www.tenable.com/plugins/nnm/9855.

 

We have a number of vESA machines ver. 12.1 but they all are compiled with OpenSSH_6.6.1. I wonder whether some hotpatch is planned for some near future to address this vulnerability?

 

Thanks,

Andrii

1 person had this problem
Labels:
0 Helpful
1 Reply 1

dmccabej
Cisco Employee
Cisco Employee

‎06-03-2019 12:53 PM

Hello,

 

You can look for the CVE on our bug search tool to see if there's an existing defect for it and if that defect is resolved in a particular AsyncOS version. If not, you can open a TAC case and we can get one filed to evaluate the CVE(s).

 

You can also search for the CVE using the Cisco PSIRT advisory page: here.

 

Thanks!

-Dennis M.

0 Helpful
Customers Also Viewed These Support Documents