05-09-2024 09:37 AM
Hello,
Do we have a mitigation for CVE IDs CVE-2023-48795, CVE-2023-51384, CVE-2023-51385 on Nexus switches N9K-C93180YC-FX?
One of the solutions says to upgrade to OpenSSH version 9.6 or later.
How can we check the OpenSSH version running on Nexus switches?
05-09-2024 09:51 AM
- You could try:
% nmap --script ssh2-enum-algos switch-name (or ip address)
M.
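An added example, not part of the reply above: `ssh2-enum-algos` lists the algorithms the SSH server offers rather than its OpenSSH version, so this sketch parses that output and checks it against CVE-2023-48795 only (the prefix-truncation issue, which affects `chacha20-poly1305@openssh.com` and CBC ciphers paired with `-etm@openssh.com` MACs unless strict key exchange is advertised). The sample output is constructed, and the function names are hypothetical.

```python
import re

# Constructed sample of `nmap --script ssh2-enum-algos` output (not from a real switch).
SAMPLE = """\
PORT   STATE SERVICE
22/tcp open  ssh
| ssh2-enum-algos:
|   kex_algorithms: (2)
|       curve25519-sha256
|       diffie-hellman-group14-sha256
|   encryption_algorithms: (3)
|       chacha20-poly1305@openssh.com
|       aes128-ctr
|       aes128-cbc
|   mac_algorithms: (2)
|       hmac-sha2-256-etm@openssh.com
|       hmac-sha2-256
|   compression_algorithms: (1)
|_      none
"""

STRICT_KEX = "kex-strict-s-v00@openssh.com"  # server-side strict key exchange marker
SECTION = re.compile(r"^(\w+): \(\d+\)$")     # e.g. "kex_algorithms: (2)"

def parse_algos(text):
    """Return {section_name: [algorithm, ...]} from ssh2-enum-algos script output."""
    algos, current = {}, None
    for raw in text.splitlines():
        if not raw.startswith("|"):
            continue                          # skip the port table and other nmap lines
        line = raw.lstrip("|_").strip()
        m = SECTION.match(line)
        if m:
            current = m.group(1)
            algos[current] = []
        elif current and line:
            algos[current].append(line)
    return algos

def terrapin_exposure(algos):
    """Flag the cipher modes affected by CVE-2023-48795 and whether strict kex is offered."""
    ciphers = algos.get("encryption_algorithms", [])
    macs = algos.get("mac_algorithms", [])
    affected = [c for c in ciphers if c == "chacha20-poly1305@openssh.com"]
    if any(m.endswith("-etm@openssh.com") for m in macs):
        affected += [c for c in ciphers if c.endswith("-cbc")]  # CBC is affected only with EtM
    strict = STRICT_KEX in algos.get("kex_algorithms", [])
    return {"affected_modes": affected, "strict_kex": strict,
            "needs_attention": bool(affected) and not strict}
```

Strict key exchange only protects a session when the client supports it as well, and this check says nothing about CVE-2023-51384 or CVE-2023-51385.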
05-09-2024 11:26 AM
Hello
It's Nexus N9K switches, and the vulnerability says we need to upgrade to OpenSSH version 9.6 or later. Do we have any steps to upgrade OpenSSH?
05-10-2024 10:54 AM
Which OS version are you on?
05-10-2024 11:18 AM
I opened a ticket with TAC on this yesterday. He sent me a great link: https://sec.cloudapps.cisco.com/security/center/cvr
Using that link I determined that 10.2(7) is the only one that isn't vulnerable to CVE-2023-48795 or CVE-2023-51384. However, it shows "under investigation" when looking into CVE-2023-51385. Since 10.2(x) already has announced EOL, we're choosing to wait until one of the newer trains has all fixes. I could be wrong, please do your own research.