
OpenSSH vulnerability in Cisco ISE

Arthur Martez
Level 1

Hello! A scan was made of my Cisco ISE and showed a vulnerability in OpenSSH. The recommendations were to upgrade OpenSSH to version >9.6. Does anyone know if there is a CVE documented for this vuln? Or is there any documentation that explains which version to upgrade my ISE to?

ISE Version: 3.0.0.458
Installed Patches: 5


5 Replies

CVE should be universal, so if you know the CVE you should be able to find it on cisco.com and see if it is fixed and what version/patch. Without that info there isn't much we can instruct you on. Whatever you use to scan should give you the CVE.

Yeah, you were right, apparently it is CVE-2023-48795, but I only found solved bugs for other Cisco devices, not for ISE. Do you know if there's an announced patch for that CVE and for ISE?

I went through the TAC process for this and I would like to save the next person some time. The mitigation configs from the bug report listed as the solution do stop OpenSSH connections but don't stop the scanner from seeing it as a vulnerability. Hope this helps!

Thank you! It is really helpful.