cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
251
Views
0
Helpful
1
Replies

vulnrability result with CBS 350 switches Open SSH 7.3

wikinetwork
Level 1
Level 1

Anyone have idea what to do with this Vulnrability reported by a Vulscan service.this is for a cisco CBS 350 series switch

the switch is upgraded to latest frimware exist on cisco website , any idea how to fix this issue with open ssh7.4

Summary

openssh is prone to multiple vulnerabilities.

Related CVE

CVE-2016-10009, CVE-2016-10010, CVE-2016-10011, CVE-2016-10012, CVE-2016-10708

Affected Nodes: Internal
172.16.2.154 (34:B8:83:F5:8C:C6)

Vulnerability Detection Result

Installed version: 7.3p1.RL Fixed version: 7.4 Installation path / port: 22/tcp

Impact

Successfully exploiting this issue allows local users to obtain sensitive private-key information, to gain privileges, conduct a senial-of-service condition and allows remote attackers to execute arbitrary local PKCS#11 modules.

Solution

Upgrade to OpenSSH version 7.4 or later.

 

1 Reply 1

jamegill
Cisco Employee
Cisco Employee

Hi @wikinetwork  -- I see you're not getting any good feedback here, probably because you've posted the question in the area for Cisco Secure Network Analytics, not for the CBS 350 switch.  I don't know if the question can be moved, so maybe post it over here.

Good Luck!

--jg