cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
593
Views
0
Helpful
2
Replies

Ironport SSH Keys Vulnerability patch

fpiccioni
Level 1
Level 1

Hi

customer is running WSA 8.8.0-085. In the available upgrades web pages it is shown the file "cisco-sa-20150625-ironport SSH Keys Vulnerability Fix". When trying to apply it , both from web pages and from CLI, as suggested by RN, it shows the patch as already applied:

Checking if 'Cisco-Ironport SSH Keys Vulnerability' patch is required
'Cisco-Ironport SSH Keys Vulnerability' patch is already applied
Upgrade installation finished.

I think reason should be WSA was upgraded after June 25 to a release already including this patch.

Question:

- How can I be sure SSH keys are ok?

- Why patch remain in the available upgrades? Can I delete it?

 

Thanks in advance

1 Accepted Solution

Accepted Solutions

Atazazuddin Shaikh
Cisco Employee
Cisco Employee

Good Morning

 

Thanks for reaching out,  Here is the link that provide details around this:

https://supportforums.cisco.com/blog/12543046/multiple-default-ssh-keys-vulnerabilities-cisco-virtual-wsa-esa-and-sma

and as for "Why patch remain in the available upgrades? Can I delete it?"

This patch will be removed once you upgrade to version 9.0.x  and at this time can not be "de-provisioned"

 

Regards,

Zack

 

View solution in original post

2 Replies 2

Atazazuddin Shaikh
Cisco Employee
Cisco Employee

Good Morning

 

Thanks for reaching out,  Here is the link that provide details around this:

https://supportforums.cisco.com/blog/12543046/multiple-default-ssh-keys-vulnerabilities-cisco-virtual-wsa-esa-and-sma

and as for "Why patch remain in the available upgrades? Can I delete it?"

This patch will be removed once you upgrade to version 9.0.x  and at this time can not be "de-provisioned"

 

Regards,

Zack

 

Hi Zack

 

thanks for answer. I understand patch is not necessary.

 

Regards