Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
32370
Views
0
Helpful
2
Replies

Cisco Meeting Server OpenSSH Vulnerability

btamiletisim
Frequent Visitor
Frequent Visitor

‎09-29-2024 11:01 PM - edited ‎09-29-2024 11:38 PM

Hi,

As it is known, OpenSSH vulnerability is found on some Cisco products. On security related sites, is it told that this vulnerability is resolved on OpenSSH 9.8p1. So OpenSSH versions shoul be upgraded to 9.8p1 to get rid of this vulnerability. 

Cisco Meeting Servers are also exposed to this vulnerability. So we upgraded our Cisco Meeting server to 3.9.2 version which is told in this page: https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-openssh-rce-2024

But still OpenSSH version is under 9.8 on CMS. It is 9.1. So scanning tools can still find the vulnerability on CMS.

Am I or Is Cisco wrong?

 

1 person had this problem
0 Helpful
2 Replies 2

Mark Elsen
Hall of Fame
Hall of Fame

‎09-30-2024 12:20 AM

 

  - If a vulnerability scanner still reports this problem (in the 'fixed version') , then report back to TAC and ask for an explanation,

 M.



-- Let everything happen to you  
       Beauty and terror
      Just keep going    
       No feeling is final
Reiner Maria Rilke (1899)
0 Helpful

btamiletisim
Frequent Visitor
Frequent Visitor
In response to Mark Elsen

‎09-30-2024 12:31 AM - edited ‎09-30-2024 12:31 AM

Thanks for reply.

Actually we are on purchasing support stage nowadays. But it haven't completed yet. So I haven't right to consult TAC now. I wanted to know if anyone has the same problem and how did they overcome it.

In addition, I saw that CMS 3.10 version released. I thought, that version may have removed the vulnerability.

0 Helpful
Customers Also Viewed These Support Documents