Buy or Renew
Buy or Renew
NOTICE: You can now engage in the community. Learn about the great new Cisco Umbrella content.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
2313
Views
5
Helpful
2
Replies

CVE not found - OpenSSH vulnerabilitiy

Go to solution
moorec43
Level 1
Level 1

‎01-27-2022 06:23 AM

I have recently had some openSSH vulnerabilities show up on a report for some of my switches and routers and when I searched the CVE on Cisco's advisory page nothing came up.

 

Is it safe to assume that this vulnerability does not affect my Cisco products? This CVE just showed up, CVE-2019-16905, and I want to make sure that it doesn't affect the device before saying it is a false positive. Any help would be appreciated.

 

Thanks

0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
balaji.bandi
Hall of Fame
Hall of Fame

‎01-27-2022 06:39 AM

May be condition as below :

 

After analysis, Cisco has decided against performing additional actions on this product due to one of the following reasons:

 

- The product is no longer maintained, having reached End of Software Maintenance.

- The product is still being maintained, but a business decision was made not to upgrade the vulnerable product.

- The product uses the affected third-party component in such a way as to not be affected by these vulnerabilities.

 

Conditions: Device with default configuration.

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

View solution in original post

2 Replies 2

Go to solution
balaji.bandi
Hall of Fame
Hall of Fame

‎01-27-2022 06:39 AM

May be condition as below :

 

After analysis, Cisco has decided against performing additional actions on this product due to one of the following reasons:

 

- The product is no longer maintained, having reached End of Software Maintenance.

- The product is still being maintained, but a business decision was made not to upgrade the vulnerable product.

- The product uses the affected third-party component in such a way as to not be affected by these vulnerabilities.

 

Conditions: Device with default configuration.

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

Go to solution
Leo Laohoo
Hall of Fame
Hall of Fame

‎01-27-2022 04:04 PM

@moorec43 wrote:

I have recently had some openSSH vulnerabilities show up on a report for some of my switches and routers and when I searched the CVE on Cisco's advisory page nothing came up.

ConfD CLI Secure Shell Server Privilege Escalation Vulnerability

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card