Yes, it's 9.1 for 7.4.1.1. The problem is that the aforementioned CVEs are all about SSH versions less than 9.6. I understand that Cisco says they're not vulnerable, but many are, so I'm wondering why they think they're not.
Opening a TAC case was the first thing I did. I was wondering if anyone else is encountering this, and if they are, what are they doing. Anyone who has to meet any sort of compliance should be talking about this. It's odd that it's eerily quiet.
Putty event log reports 9.1 is the remote client.Nessus scan reports 9.1.CVE-2023-48795, CVE-2023-51384, CVE-2023-51385 are the known vulnerabilities.Any other questions? I was hoping for a Cisco response on why they’re are packaging vulnerable versi...