01-27-2022 06:23 AM
I have recently had some openSSH vulnerabilities show up on a report for some of my switches and routers and when I searched the CVE on Cisco's advisory page nothing came up.
Is it safe to assume that this vulnerability does not affect my Cisco products? This CVE just showed up, CVE-2019-16905, and I want to make sure that it doesn't affect the device before saying it is a false positive. Any help would be appreciated.
Thanks
Solved! Go to Solution.
01-27-2022 06:39 AM
May be condition as below :
After analysis, Cisco has decided against performing additional actions on this product due to one of the following reasons:
- The product is no longer maintained, having reached End of Software Maintenance.
- The product is still being maintained, but a business decision was made not to upgrade the vulnerable product.
- The product uses the affected third-party component in such a way as to not be affected by these vulnerabilities.
Conditions: Device with default configuration.
01-27-2022 06:39 AM
May be condition as below :
After analysis, Cisco has decided against performing additional actions on this product due to one of the following reasons:
- The product is no longer maintained, having reached End of Software Maintenance.
- The product is still being maintained, but a business decision was made not to upgrade the vulnerable product.
- The product uses the affected third-party component in such a way as to not be affected by these vulnerabilities.
Conditions: Device with default configuration.
01-27-2022 04:04 PM
@moorec43 wrote:
I have recently had some openSSH vulnerabilities show up on a report for some of my switches and routers and when I searched the CVE on Cisco's advisory page nothing came up.
ConfD CLI Secure Shell Server Privilege Escalation Vulnerability
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide