Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
2788
Views
10
Helpful
3
Replies

Nexus 7000 v6.2(10) - OpenSSH MaxAuthTries Limit Bypass Vulnerability

Go to solution
alex.sykes1
Level 1
Level 1

‎12-08-2015 09:15 AM - edited ‎03-08-2019 03:01 AM

Hi All,

We are running Nexus 7000's - v6.2(10) - and a Nessus scan is reporting this vulnerability:

OpenSSH MaxAuthTries Limit Bypass Vulnerability

The solution says to upgrade to OpenSSH 7.0 or later.

Do you know how I would do this?  Is an OS upgrade required or is there anything else I can do?

Many thanks in advance.

Kind regards

Alex

1 person had this problem
Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
Seb Rupik
VIP Alumni
VIP Alumni

‎12-08-2015 01:58 PM

Hi Alex,

You would need to install new NX-OS software.

Incidentally if you need to check the current version of openSSH just telnet to port 22 .

With the ASA, Cisco publish opensource licence info:

http://www.cisco.com/c/en/us/support/security/asa-5500-series-next-generation-firewalls/products-licensing-information-listing.html

...sadly with the Nexus, this information is lacking and not very up to date:

http://www.cisco.com/c/en/us/support/switches/nexus-7000-series-switches/products-licensing-information-listing.html

cheers,

Seb.

View solution in original post

3 Replies 3

Go to solution
Seb Rupik
VIP Alumni
VIP Alumni

‎12-08-2015 01:58 PM

Hi Alex,

You would need to install new NX-OS software.

Incidentally if you need to check the current version of openSSH just telnet to port 22 .

With the ASA, Cisco publish opensource licence info:

http://www.cisco.com/c/en/us/support/security/asa-5500-series-next-generation-firewalls/products-licensing-information-listing.html

...sadly with the Nexus, this information is lacking and not very up to date:

http://www.cisco.com/c/en/us/support/switches/nexus-7000-series-switches/products-licensing-information-listing.html

cheers,

Seb.

Go to solution
alex.sykes1
Level 1
Level 1
In response to Seb Rupik

‎12-09-2015 01:28 AM

Hi Seb,

Thank you so much for your quick response, it really is appreciated.

Thanks also for the tip to find out the openSSH version.  I've been looking for a good way to fund that out for a while.

Kind regards

Alex

0 Helpful

Go to solution
mohdtaamneh
Level 1
Level 1
In response to Seb Rupik

‎02-07-2016 01:33 AM

Hi All,

I have the same problem on nexus 9504 running latest 7.0(3)I1(3) and security scan showing the same vulnerability: openssh maxauthtries bypass.

I can see no license information available for 7.0(3)I1(3).

How to fix this  vulnerability?

Best Regards,

Mohammad Taamneh

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card