CSPC Security Vulnerability CVE-2016-1908

IOCNetwork1911 · ‎01-05-2024

Number for SSH vulnerability: CSPC Security Vulnerability

Description: OpenSSH Improper Failed Cookie Generation Handling Vulnerability

Please advise a method on finding the existing OpenSSH version of the CSPC from GUI.

jboyanob · ‎01-05-2024

Hello Sir,

Thank you for contacting Cisco.

We are investigating your request; I'll be with you in a moment

Kindly regards,

IOCNetwork1911 · ‎01-05-2024

I have one vulnerability reported on CSPC collector which is given as below :-
Apache Tomcat Improper Resource Release Vulnerability (CVE-2022-25762)
Description of the vulnerability is given below :-
Apache Tomcat is an open source web server and servlet container developed by the Apache Software Foundation.
A vulnerability in Apache Tomcat results in Improper Resource Shutdown
Affected Versions:
Apache Tomcat 9.0.0.M1 to 9.0.20
Apache Tomcat 8.5.0 to 8.5.75
QID Detection Logic (Unauthenticated):
The QID checks for vulnerable version by sending a GET /QUALYS730242 HTTP/1.0 request which helps in retrieving the installed version of Apache Tomcat in the banner of the response.

jboyanob · ‎01-05-2024

Hello, @IOCNetwork1911

I hope you are having a great day.

In order to check the OpenSSH version on the collector, please follow the next steps:

1. Login as collectorlogin using SSH

2. Write the command su -

3. It will request you the root password.

4. After you are in root mode you need to use the command ssh -V . It will show you the OpenSSH version.

Please check and let me know.

Kindest regards,

IOCNetwork1911 · ‎01-08-2024

Hello,

Currently , CSPC collector is only accessible via GUI. Is there a way to reset the password of CLI from GUI.

Thanks,

Srinath

jboyanob · ‎01-09-2024

Hello, @IOCNetwork1911

I hope you are doing well.

If you don't have any of the CLI passwords (admin, root, collectorlogin), the recommendation would be to perform a new deployment.

Here you can find some of the guides needed.

Installation guide for OVA 2.10.0.1 installation.

Quick start guide for configuration.

Upgrade guide is for 2.10.0.7 patch installation instructions.

Kindest regards,

IOCNetwork1911 · ‎01-10-2024

OpenSSH version 5.3 is detected on tcp port 22 as per the plug output in the report. what will be the solution to mitigate the Open SSH vulnerability ?

jboyanob · ‎01-10-2024

Hello, @IOCNetwork1911

I hope you are having a great day.

Can you please provide the next details by internal message:

- Company Name

- Inventory Name

- CSPC ID

- CSPC Version

Kindest regards,

IOCNetwork1911 · ‎01-11-2024

Hi,

How do i send an internal message ? can you please share me your email ID ?

IOCNetwork1911 · ‎01-11-2024

Hi

The CLI credential "admin" seems to be locked. is it possible to unlock the account using GUI access ?

jboyanob · ‎01-11-2024

Hello, @IOCNetwork1911

I hope you are doing great.

In this case, admin CLI user can't be unlocked using the GUI.

Regarding the information requested, you can send me an internal message if you click on my username and then click on Send private message.

Kindest regards,

IOCNetwork1911 · ‎01-18-2024

Is there any way to upgrade Open SSH version to 7.2 from 5.3

Current version used is 5.3 as seen from output of the command ssh -V

OpenSSH_5.3p1, OpenSSL 1.0.1e-fips 11 Feb 2013

jboyanob · ‎01-19-2024

Hello, IOCNetwork1911

I hope you are doing great. Can you please confirm the CSPC Version and details by private message?

You can use the latest version of the collector (2.10.0.7) and it contain a most recent version of Open SSH. For example 2.10.0.6 contains OpenSSH_7.4p1 version.

Kindest regards,

IOCNetwork1911 · ‎01-25-2024

Can you please provide support during the upgrade on 26th January at 4 AM CST ?

jboyanob · ‎01-25-2024

Hello, @IOCNetwork1911

I hope you are doing great.

Thanks for the details provided by private message. Regarding the upgrade, the recommendation is to follow the steps on the guides sent or if you need assistance during the upgrade you should open a TAC case. Also, I am not available at 4 AM CST.

Kindest regards,