09-29-2024 11:01 PM - edited 09-29-2024 11:38 PM
Hi,
As it is known, OpenSSH vulnerability is found on some Cisco products. On security related sites, is it told that this vulnerability is resolved on OpenSSH 9.8p1. So OpenSSH versions shoul be upgraded to 9.8p1 to get rid of this vulnerability.
Cisco Meeting Servers are also exposed to this vulnerability. So we upgraded our Cisco Meeting server to 3.9.2 version which is told in this page: https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-openssh-rce-2024
But still OpenSSH version is under 9.8 on CMS. It is 9.1. So scanning tools can still find the vulnerability on CMS.
Am I or Is Cisco wrong?
09-30-2024 12:20 AM
- If a vulnerability scanner still reports this problem (in the 'fixed version') , then report back to TAC and ask for an explanation,
M.
09-30-2024 12:31 AM - edited 09-30-2024 12:31 AM
Thanks for reply.
Actually we are on purchasing support stage nowadays. But it haven't completed yet. So I haven't right to consult TAC now. I wanted to know if anyone has the same problem and how did they overcome it.
In addition, I saw that CMS 3.10 version released. I thought, that version may have removed the vulnerability.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide