Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
407
Views
0
Helpful
6
Replies

ISE: CVE-2023-28531: Vulnerabilities in openssh 8.0p1

jds5
Level 1
Level 1

‎09-16-2024 08:51 AM

 

Hello,

Do you know what the exact impact of this vulnerability is on an ISE SNS-3655-K9 in version 3.3 P3?

BR,

José

0 Helpful
6 Replies 6

Aref Alsouqi
VIP
VIP

‎09-16-2024 09:40 AM

It's a discovered vulnerability on the Linux based OS which ISE uses as well and it could cause a leakage of some sensitive information or denial of service as per this NetApp link provided by nist.gov:

CVE-2023-28531 OpenSSH Vulnerability in NetApp Products | NetApp Product Security

NVD - CVE-2023-28531 (nist.gov)

0 Helpful

jds5
Level 1
Level 1

‎09-17-2024 12:00 AM

Does version 3.4 fix this vulnerability?

0 Helpful

jds5
Level 1
Level 1

‎09-18-2024 02:40 AM

Hello, 

Does someone have this information? Thank you,

BR,

0 Helpful

Aref Alsouqi
VIP
VIP

‎09-24-2024 02:39 AM

Looking at the resolved bugs list in ISE 3.4 it does not seem to include it:

Release Notes for Cisco Identity Services Engine, Release 3.4 - Cisco

0 Helpful

Kyle Stewart
Level 1
Level 1

‎10-04-2024 07:15 AM

I would be nice if this was included in P4 coming sometime this month (which fixes CVE-2024-20469). 

0 Helpful

Kyle Stewart
Level 1
Level 1

‎10-07-2024 07:18 AM - edited ‎10-07-2024 07:19 AM

Look here. This doesn't affect ISE at all. Change the criteria to Not Affected and you'll see that confirmation. I'm sure this has to do with using customized versions of OpenSSH but vulnerability scanners only look at the version # (at least some of them).

https://sec.cloudapps.cisco.com/security/center/cvr?cveIdList=CVE-2023-28531#~cve

0 Helpful
Customers Also Viewed These Support Documents