10-02-2024 09:13 AM
Hello,
We have Cisco 1140 FTDs managed by FMC that are showing up in Tenable with OpenSSH < 9.8 RCE vulnerabilities. The closest Cisco advisory I could find regarding this is this one: https://www.cisco.com/c/en/us/support/docs/csa/cisco-sa-openssh-rce-2024.html. We have applied the 7.2.8.1 update to FMC and the FTDs, and it is still showing up as having an OpenSSH version of 9.1. Is there a different fix for this?
10-28-2024 03:01 AM
Our Cisco FRP1120 has the same problem; we upgraded to 7.4.2 but it is still reporting the OpenSSH v9.1 bug CVE-2024-6387.
10-28-2024 05:00 AM
Cisco uses a custom fork of OpenSSH called CiscoSSH in their security products, which is maintained and versioned separately from OpenSSH. Vulnerability scanners do not do a proper job of detecting the "version" of CiscoSSH. I would open a TAC case or work with your account team for an official answer, but this could be a false positive. Also, why not 7.4.2.1?
10-28-2024 08:48 AM
As @ahollifield mentioned, Cisco's fork of OpenSSH fixes that vulnerability as of 7.4.2. Scanners will only pull the OpenSSH v9.1 version number on which CiscoSSH is based and not distinguish Cisco's fixes that are applied to that code branch.
Reference confirming the fix: https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-openssh-rce-2024
Also agree that you should patch to 7.4.2.1 for a few additional bug and vulnerability fixes.
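The two replies above describe the mechanism behind the finding: the scanner reads the SSH identification banner, sees OpenSSH_9.1, and applies a "less than 9.8" rule without knowing that the platform carries a vendor fix. The script below is an added example (not code from the thread, from Tenable or from Cisco) of how a practitioner can triage such findings by correlating the banner with an asset inventory and the vendor's fixed-release floor. The host names, banners and inventory are constructed; the only floor encoded is the one this thread states (FTD 7.4 train fixed as of 7.4.2). The 7.2 train is intentionally left unmapped because the thread does not say whether 7.2.8.1 carries the fix, so those assets are routed to "confirm-with-vendor" rather than guessed at. The same table-driven approach generalizes to any vendor or distribution that backports fixes without bumping the upstream version string.

```python
import re

# Constructed sample SSH banners (not captured from real devices). The two FTD
# entries carry the plain OpenSSH_9.1 banner the thread says the scanner sees.
SAMPLE_BANNERS = {
    "ftd-a": "SSH-2.0-OpenSSH_9.1",
    "ftd-b": "SSH-2.0-OpenSSH_9.1",
    "bastion": "SSH-2.0-OpenSSH_9.8",
    "build-box": "SSH-2.0-OpenSSH_9.3",
}

# Assumed asset inventory: (platform, platform software version).
INVENTORY = {
    "ftd-a": ("Cisco FTD", "7.2.8.1"),
    "ftd-b": ("Cisco FTD", "7.4.2.1"),
    "bastion": ("upstream OpenSSH", "9.8"),
    "build-box": ("upstream OpenSSH", "9.3"),
}

# Vendor fixed-release floors per release train for CVE-2024-6387.
# "7.4" -> "7.4.2" is what the thread states. The 7.2 train is deliberately
# absent because the thread does not say whether 7.2.8.1 carries the fix;
# assets on an unmapped train are sent to the vendor for confirmation.
VENDOR_FIXED = {
    "Cisco FTD": {"7.4": "7.4.2"},
}

# The banner-only rule the scanner applies: anything below 9.8 is flagged.
NAIVE_FIXED_UPSTREAM = (9, 8)

_BANNER_RE = re.compile(r"OpenSSH_(\d+)\.(\d+)")


def parse_openssh_version(banner):
    """Return (major, minor) from an SSH identification string, or None.

    Handles suffixes such as "9.1p1" or distro tags after the version.
    """
    m = _BANNER_RE.search(banner)
    return (int(m.group(1)), int(m.group(2))) if m else None


def banner_flags_vulnerable(banner):
    """What a version-only scanner check concludes from the banner alone."""
    ver = parse_openssh_version(banner)
    return ver is not None and ver < NAIVE_FIXED_UPSTREAM


def version_tuple(s):
    """Dotted version string -> tuple of ints, so 7.4.2.1 compares above 7.4.2."""
    return tuple(int(p) for p in s.split("."))


def triage(asset):
    """Correlate the scanner finding with the platform's own fixed release.

    Returns one of: "clean", "vulnerable", "false-positive", "confirm-with-vendor".
    """
    if not banner_flags_vulnerable(SAMPLE_BANNERS[asset]):
        return "clean"
    platform, sw = INVENTORY[asset]
    floors = VENDOR_FIXED.get(platform)
    if floors is None:
        # No vendor fork in play: the upstream banner is the best evidence we have.
        return "vulnerable"
    train = ".".join(sw.split(".")[:2])
    floor = floors.get(train)
    if floor is None:
        # Platform is known to ship a fork, but we hold no fixed release for
        # this train: do not guess either way, get the advisory or TAC answer.
        return "confirm-with-vendor"
    return "false-positive" if version_tuple(sw) >= version_tuple(floor) else "vulnerable"


def triage_all():
    """Triage every constructed asset; returns {asset: status}."""
    return {asset: triage(asset) for asset in SAMPLE_BANNERS}


if __name__ == "__main__":
    for asset, status in triage_all().items():
        print(f"{asset:10s} {SAMPLE_BANNERS[asset]:24s} -> {status}")
```

In this constructed run the two FTDs show identical banners but triage differently: the 7.4.2.1 box is marked a false positive because it sits at or above the floor the thread cites, while the 7.2.8.1 box is held for vendor confirmation. The practical point is that the banner is input to the decision, not the decision itself, and the floor table is only as good as the advisory text it was transcribed from, so keep it versioned alongside the scanner exceptions it justifies.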