Solved: Re: Cisco Secure Shell Vulnerability CVE-2020-3200

cbrowne · ‎06-29-2020

Hi

We have a number of 2960S switches which are vulnerable to this PSIRT. The IOS software checker says that the 1st fixed on non-affected release of IOS is 15.2(7)E2.

However, the latest available IOS to download for the 2960S is 15.2(2)E9, which is also vulnerable to the PSIRT.

None of the 2960S' are under support - does anyone know a safe version to upgrade to?

Many thanks

Seb Rupik · ‎06-29-2020

Hi there,

The 2960S end of support date was 5 November 2018, so it is highly unlikely there will be another software release. The last being 15.2.2E9 released back in 2018.

The safest way to mitigate the risk would be to configure ACLs to control what devices can initiate a SSH connection to your switches. So long as you can control those source subnets you should be fine.

cheers,

Seb.

View solution in original post

Seb Rupik · ‎06-29-2020

Hi there,

The 2960S end of support date was 5 November 2018, so it is highly unlikely there will be another software release. The last being 15.2.2E9 released back in 2018.

The safest way to mitigate the risk would be to configure ACLs to control what devices can initiate a SSH connection to your switches. So long as you can control those source subnets you should be fine.

cheers,

Seb.

cbrowne · ‎07-01-2020

Thank you Seb.

Much appreciated. Have a good day.

Chris Browne