Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
693
Views
0
Helpful
0
Replies

Cisco Security Advisory CPU Side-Channel Information Disclosure Vulnerabilities

Yuhsi Takahashi
Cisco Employee
Cisco Employee

‎07-30-2019 10:04 AM

Dear Experts,

 

My customer is receiving some security alarms regarding certain vulnerabilities impacting their CSPC Server (ver 2.8.1.4 and 2.8.1.5, which is the latest). I have gone through them, but I have not found anything related to the CSPC Server, however the customer insists that their Scanning Tool indicates that these vulnerabilities impact their CSPC Server.

The CSPC server uses telnet, SSH, SNMP, CDP and some routing protocols to discover the network devices.

 

I would like to know if you are able to help me clarify this situation so that I can share that with my customer. This is the information I have collected from the customer so far:

 

  • Scanner name, version, scanner signature version
    • Qualys: ABI_NA (Scanner 11.4.24-1, Vulnerability Signatures 2.4.663-3)
  • I asked the customer for the complete report from the scanner and I will share it once I receive it
  • Name, software release in use and "show tech" or equivalent from device being tested. Should include full device configuration.
    • Server manufacturer, model. Version of VMWare running, the more information regarding both HW and SW the better.
  • Common Vulnerability and Exposure (CVE) ID for each one of the vulnerabilities reported by the scanner.
    • SSH Server Public Key Too Small          N/A
    • Deprecated SSH Cryptographic Settings           
    • OpenSSH Multiple Vulnerabilities           CVE-2015-5600
    •                                                           CVE-2015-6563
    •                                                           CVE-2015-6564
    • OpenSSH 7.4 Not Installed Multiple Vulnerabilities         CVE-2016-10009
    •                                                                                  CVE-2016-10010
    •                                                                                  CVE-2016-10011
    •                                                                                  CVE-2016-10012
    •                                                                                  CVE-2016-8858
    • Apache Tomcat Remote Code Execution Vulnerability                CVE-2019-0232
    • OpenSSH Xauth Command Injection Vulnerability                     CVE-2016-3115
    • OpenSSH Username Enumeration Vulnerability                         CVE-2018-15473
    • OpenSSH Commands Information Disclosure Vulnerability         CVE-2012-0814
    • OpenSSH LoginGraceTime Denial of Service Vulnerability          CVE-2010-5107
    • OpenSSH Information Disclosure and Denial of Service Vulnerability      CVE-2016-0777
    •                                                                                                         CVE-2016-0778
    • OpenSSH "child_set_env()" Security Bypass Issue        CVE-2014-2532

 

Thank you very much for your support.

2 people had this problem
0 Helpful
0 Replies 0
Customers Also Viewed These Support Documents