cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
7038
Views
0
Helpful
2
Replies

Cisco Meeting Server OpenSSH Vulnerability

btamiletisim
Level 1
Level 1

Hi,

As it is known, OpenSSH vulnerability is found on some Cisco products. On security related sites, is it told that this vulnerability is resolved on OpenSSH 9.8p1. So OpenSSH versions shoul be upgraded to 9.8p1 to get rid of this vulnerability. 

Cisco Meeting Servers are also exposed to this vulnerability. So we upgraded our Cisco Meeting server to 3.9.2 version which is told in this page: https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-openssh-rce-2024

But still OpenSSH version is under 9.8 on CMS. It is 9.1. So scanning tools can still find the vulnerability on CMS.

Am I or Is Cisco wrong?

 

2 Replies 2

marce1000
VIP
VIP

 

  - If a vulnerability scanner still reports this problem (in the 'fixed version') , then report back to TAC and ask for an explanation,

 M.



-- Each morning when I wake up and look into the mirror I always say ' Why am I so brilliant ? '
    When the mirror will then always repond to me with ' The only thing that exceeds your brilliance is your beauty! '

Thanks for reply.

Actually we are on purchasing support stage nowadays. But it haven't completed yet. So I haven't right to consult TAC now. I wanted to know if anyone has the same problem and how did they overcome it.

In addition, I saw that CMS 3.10 version released. I thought, that version may have removed the vulnerability.