ISE: CVE-2023-28531: Vulnerabilities in openssh 8.0p1
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
09-16-2024 08:51 AM
Hello,
Do you know what the exact impact of this vulnerability is on an ISE SNS-3655-K9 in version 3.3 P3?
BR,
José
- Labels:
-
Identity Services Engine (ISE)
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
09-16-2024 09:40 AM
It's a discovered vulnerability on the Linux based OS which ISE uses as well and it could cause a leakage of some sensitive information or denial of service as per this NetApp link provided by nist.gov:
CVE-2023-28531 OpenSSH Vulnerability in NetApp Products | NetApp Product Security
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
09-17-2024 12:00 AM
Does version 3.4 fix this vulnerability?
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
09-18-2024 02:40 AM
Hello,
Does someone have this information? Thank you,
BR,
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
09-24-2024 02:39 AM
Looking at the resolved bugs list in ISE 3.4 it does not seem to include it:
Release Notes for Cisco Identity Services Engine, Release 3.4 - Cisco
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
10-04-2024 07:15 AM
I would be nice if this was included in P4 coming sometime this month (which fixes CVE-2024-20469).
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
10-07-2024 07:18 AM - edited 10-07-2024 07:19 AM
Look here. This doesn't affect ISE at all. Change the criteria to Not Affected and you'll see that confirmation. I'm sure this has to do with using customized versions of OpenSSH but vulnerability scanners only look at the version # (at least some of them).
https://sec.cloudapps.cisco.com/security/center/cvr?cveIdList=CVE-2023-28531#~cve
