Hi All,

I have nexus 9504 running 7.0(3)I1(3) and security scan showing the following vulnerability: openssh maxauthtries bypass. This vulnerability is fixed in openssh 7.0:

• https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2015-5600

I can see no license information available for 7.0(3)I1(3) to confirm which openssh version is using. But 7.0(3)I2(1) -more recent- is using openssh 6.6.1 which not containing the fix:

• http://www.cisco.com/c/dam/en/us/td/docs/switches/datacenter/nexus9000/sw/7-x/open_source/Cisco_Nexus_9000_Series_NX-OS_703I21.pdf

Any help on how to get a fix for this vulnerability? 

Best Regards,

Mohammad Taamneh