09-29-2024 11:01 PM - edited 09-29-2024 11:38 PM
Hi,
As it is known, OpenSSH vulnerability is found on some Cisco products. On security related sites, is it told that this vulnerability is resolved on OpenSSH 9.8p1. So OpenSSH versions shoul be upgraded to 9.8p1 to get rid of this vulnerability.
Cisco Meeting Servers are also exposed to this vulnerability. So we upgraded our Cisco Meeting server to 3.9.2 version which is told in this page: https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-openssh-rce-2024
But still OpenSSH version is under 9.8 on CMS. It is 9.1. So scanning tools can still find the vulnerability on CMS.
Am I or Is Cisco wrong?