FTD OpenSSH < 9.8 RCE

GilR
Level 1

Hello,

We have Cisco 1140 FTDs managed by FMC that are showing up in Tenable with OpenSSH < 9.8 RCE vulnerabilities. The closest Cisco advisory I could find regarding this is this one: https://www.cisco.com/c/en/us/support/docs/csa/cisco-sa-openssh-rce-2024.html. We have applied the 7.2.8.1 update to FMC and the FTDs, and it is still showing up as having an OpenSSH version of 9.1. Is there a different fix for this?

3 Replies

GSIT1
Level 1

Our Cisco FRP1120 has the same problem; we upgraded to 7.4.2 but it is still reporting the OpenSSH v9.1 bug CVE-2024-6387.

Cisco uses a custom fork of OpenSSH called CiscoSSH in their security products, and it is maintained and versioned separately from OpenSSH. Vulnerability scanners do not do a proper job of detecting the "version" of CiscoSSH. I would open a TAC case or work with your account team for an official answer, but this could be a false positive. Also, why not 7.4.2.1?

As @ahollifield mentioned, Cisco's fork of OpenSSH fixes that vulnerability as of 7.4.2. Scanners will only pull the OpenSSH v9.1 version number on which CiscoSSH is based and not distinguish Cisco's fixes that are applied to that code branch.

Reference confirming the fix: https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-openssh-rce-2024

Also agree that you should patch to 7.4.2.1 for a few additional bug and vulnerability fixes.
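The false-positive mechanism the replies describe, as an added example that is not from this thread or from Cisco: a scanner matches only the SSH identification banner (`SSH-2.0-OpenSSH_9.1`) against the "< 9.8" rule, so the triage step has to bring in inventory data about the platform. The `FIXED_FORKS` table encodes the thread's claim that FTD 7.4.2 carries the fix; treat that value as an assumption to confirm against the vendor advisory, and the `Asset` fields and hostnames are constructed sample input.

```python
import re
from dataclasses import dataclass
from typing import Optional, Tuple

# RFC 4253 identification string: "SSH-protoversion-softwareversion [comments]"
BANNER_RE = re.compile(r"^SSH-(?P<proto>\d\.\d+)-(?P<software>\S+)")
OPENSSH_RE = re.compile(r"^OpenSSH_(?P<ver>\d+\.\d+)(?:p(?P<patch>\d+))?")


def parse_version(ver: str) -> Tuple[int, ...]:
    """Turn '7.4.2.1' into (7, 4, 2, 1) so tuples compare numerically."""
    return tuple(int(x) for x in ver.split("."))


def banner_flags_cve_2024_6387(banner: str) -> bool:
    """Reproduce the banner-only scanner rule: any OpenSSH below 9.8 is flagged.
    A vendor fork that backported the fix still advertises its base version,
    which is exactly why this rule alone produces false positives."""
    m = BANNER_RE.match(banner.strip())
    if not m:
        return False
    sw = OPENSSH_RE.match(m.group("software"))
    if not sw:
        return False  # not OpenSSH-derived at all (e.g. dropbear)
    return parse_version(sw.group("ver")) < (9, 8)


@dataclass
class Asset:
    host: str
    banner: str
    product: Optional[str] = None          # platform from inventory, e.g. "FTD"
    product_version: Optional[str] = None  # platform release, e.g. "7.4.2.1"


# Assumption taken from the thread: CiscoSSH on FTD 7.4.2 and later includes the
# fix although the banner still says OpenSSH_9.1. Verify against the advisory.
FIXED_FORKS = {"FTD": (7, 4, 2)}


def triage(asset: Asset) -> str:
    """Combine the banner match with inventory data to classify the finding."""
    if not banner_flags_cve_2024_6387(asset.banner):
        return "not-flagged"
    fixed_at = FIXED_FORKS.get(asset.product or "")
    if fixed_at and asset.product_version:
        if parse_version(asset.product_version) >= fixed_at:
            return "likely-false-positive (vendor fork at or above fixed release)"
        return "unverified (vendor fork below cited fixed release; check advisory)"
    return "flagged (verify upstream OpenSSH build)"
```

Feeding the scanner export plus the FMC inventory through `triage` separates "CiscoSSH on a fixed release" from hosts that really do run an unpatched upstream OpenSSH.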
