
Vulnerability CVE-2023-48795, CVE-2023-51384, CVE-2023-51385 OpenSSH

rahul kale
Level 1

Hello,

Do we have a mitigation for CVE IDs CVE-2023-48795, CVE-2023-51384, CVE-2023-51385 on Nexus switches N9K-C93180YC-FX?

One solution says to upgrade to OpenSSH version 9.6 or later.

How can we check the OpenSSH version running on Nexus switches?

4 Replies

Mark Elsen
Hall of Fame

 - You could try:
     % nmap --script ssh2-enum-algos switch-name (or ip address)

 M.



-- Let everything happen to you
   Beauty and terror
   Just keep going
   No feeling is final
Rainer Maria Rilke (1899)

Ganesh bangar
Level 1

Hello,

These are Nexus N9K switches, and the vulnerability says we need to upgrade to OpenSSH version 9.6 or later. Do we have any steps to upgrade OpenSSH?

Which OS version are you on? 

I opened a ticket with TAC on this yesterday. He sent me a great link: https://sec.cloudapps.cisco.com/security/center/cvr
Using that link I determined that 10.2(7) is the only one that isn't vulnerable to CVE-2023-48795 or CVE-2023-51384. However, it shows "under investigation" when looking into CVE-2023-51385. Since 10.2(x) already has announced EOL, we're choosing to wait until one of the newer trains has all fixes. I could be wrong, please do your own research.