Vulnerability received - Common service platform collector (CSPC) 2.10

IOCNetwork1911
Level 1

Hello,

We have received the vulnerabilities below for Cisco Common Service Platform Collector (CSPC) version 2.10. Could you please help us with a mitigation plan for these vulnerabilities?

OpenSSH Privilege Escalation Vulnerability (QID 38868)
OpenSSH (OpenBSD Secure Shell) is a set of computer programs providing encrypted communication sessions over a computer network using the SSH protocol.

Affected Versions:
OpenSSH 6.2 through 8.7

QID Detection Logic:
This unauthenticated detection works by reviewing the version of the OpenSSH service.

OpenSSH Command Injection Vulnerability (QID 38901)
OpenSSH (OpenBSD Secure Shell) is a set of computer programs providing encrypted communication sessions over a computer network using the SSH protocol.
OpenSSH contains the following vulnerabilities:

OpenSSH through 8.3p1 allows command injection in the scp.c toremote function, as demonstrated by backtick characters in the destination argument. NOTE: the vendor reportedly has stated that they intentionally omit validation of "anomalous argument transfers" because that could "stand a great chance of breaking existing workflows."

Affected Versions:
OpenSSH versions prior to 8.3

QID Detection Logic:
This unauthenticated detection works by reviewing the version of the OpenSSH service.

Apache Tomcat Request Smuggling Vulnerability (CVE-2023-46589) (QID 730989)
Apache Tomcat is an open source web server and servlet container developed by the Apache Software Foundation.

Tomcat did not correctly parse HTTP trailer headers. A specially crafted trailer header that exceeded the header size limit could cause Tomcat to treat a single request as multiple requests, leading to the possibility of request smuggling when behind a reverse proxy.

Affected Versions:
Apache Tomcat 8.5.0 to 8.5.95

QID Detection Logic (Unauthenticated):
This QID sends an HTTP GET request to an invalid URL and, based on the response, confirms the vulnerable instance of Apache Tomcat running on the host.

Apache Tomcat Denial of Service (DoS) Vulnerability (CVE-2024-23672, CVE-2024-24549) (QID 731257)
Apache Tomcat is an open source web server and servlet container developed by the Apache Software Foundation.

It was possible for a WebSocket client to keep a WebSocket connection open, leading to increased resource consumption.

Affected Versions:
Apache Tomcat 8.5.0 to 8.5.98

QID Detection (Authenticated) - Windows:
This QID checks for a registry key value and fetches the version. Note: this detection will work for installer-based setups only.

QID Detection Logic (Unauthenticated):
This QID sends an HTTP GET request to an invalid URL and, based on the response, confirms the vulnerable instance of Apache Tomcat running on the host.
4 Replies

wsmithtu
Cisco Employee

Hello IOCNetwork1911.
Thank you for contacting Cisco.
Let me review this information and I will update you as soon as I get an answer.
Kind regards.

wsmithtu
Cisco Employee

Hello IOCNetwork1911.
I have been verifying the information about the mentioned vulnerabilities and, having in mind the mentioned versions of OpenSSH and Tomcat and the fact that the CSPC version 2.10.x.x will reach end of support soon, my recommendation is to deploy the newest CSPC version, which is 2.11. This version can be downloaded from our Software Download website:
https://software.cisco.com/download/home/286312935/type
Here are the versions running on CSPC 2.11:
Server version: Apache Tomcat/8.5.98
OpenSSH_8.7p1, OpenSSL 3.0.7 1 Nov 2022
It does not cover all the vulnerabilities; however, it helps to mitigate most of them.
Kind regards.
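
The findings above are version-banner detections, so the quick way to check which of them an upgrade to 2.11 would actually clear is to compare the banners Cisco reports for 2.11 against the affected ranges quoted in the scan. The script below is an added example (not code from the thread or from Cisco); it takes the ranges as stated in the findings ("through" and "to" as inclusive, "prior to 8.3" as exclusive), ignores the OpenSSH portable "p1" suffix because the scanner ranges do not use it, and uses the 2.11 banners from the reply above as constructed input.

```python
import re

# Affected ranges quoted in the scanner findings: (product, low, high, high_inclusive).
# low=None means no lower bound. "prior to 8.3" is modelled as an exclusive bound.
FINDINGS = {
    "QID 38868 OpenSSH privilege escalation": ("openssh", (6, 2), (8, 7), True),
    "QID 38901 OpenSSH scp command injection": ("openssh", None, (8, 3), False),
    "QID 730989 Tomcat request smuggling": ("tomcat", (8, 5, 0), (8, 5, 95), True),
    "QID 731257 Tomcat WebSocket DoS": ("tomcat", (8, 5, 0), (8, 5, 98), True),
}

BANNER_PATTERNS = {
    # Matches "OpenSSH_8.7p1, OpenSSL ..." or "SSH-2.0-OpenSSH_8.7p1"; the "p1"
    # portable-release suffix is dropped because the ranges do not use it.
    "openssh": re.compile(r"OpenSSH_(\d+)\.(\d+)"),
    # Matches "Server version: Apache Tomcat/8.5.98".
    "tomcat": re.compile(r"Tomcat/(\d+)\.(\d+)\.(\d+)"),
}

def parse_version(product, banner):
    """Extract a comparable version tuple from a banner string, or None."""
    m = BANNER_PATTERNS[product].search(banner)
    return tuple(int(x) for x in m.groups()) if m else None

def in_range(version, low, high, high_inclusive):
    """True if version falls inside the quoted affected range."""
    if low is not None and version < low:
        return False
    return version <= high if high_inclusive else version < high

def still_flagged(banners):
    """Return the findings a version-only check would still raise for the
    given {product: banner} mapping (products with no banner are skipped)."""
    flagged = []
    for name, (product, low, high, incl) in FINDINGS.items():
        version = parse_version(product, banners.get(product, ""))
        if version is not None and in_range(version, low, high, incl):
            flagged.append(name)
    return flagged

# Constructed input: the banners the reply above reports for CSPC 2.11.
CSPC_211 = {
    "openssh": "OpenSSH_8.7p1, OpenSSL 3.0.7 1 Nov 2022",
    "tomcat": "Server version: Apache Tomcat/8.5.98",
}

if __name__ == "__main__":
    for name in still_flagged(CSPC_211):
        print("would still be flagged on 2.11:", name)
```

On the 2.11 banners the two range-edge findings (OpenSSH "through 8.7" and Tomcat "to 8.5.98") remain flagged, which matches the reply's "does not cover all the vulnerabilities". A banner-only check also cannot see distribution backports, so a finding that persists after the upgrade should be confirmed against the vendor's package changelog before being treated as exploitable.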

IOCNetwork1911
Level 1

Hi @wsmithtu

Thank you for your kind update. Could you please let us know if 2.11 is a stable version? We need to make sure there won't be any outage or system unavailability due to this update.

wsmithtu
Cisco Employee

Hello IOCNetwork1911.
I hope you are doing well.
This is a new version of the Collector with a different OS base.
The 2.10 was based on CentOS and this new one is based on AlmaLinux.
The functionality is exactly the same, since both are Red Hat based.
Until now we haven't received any cases or reports pointing to any OS instability.
Anyway, Cisco is always working to improve the systems we use, in order to provide the best service possible.
Go ahead and test it; hopefully there will not be any issues.
Kind regards.