About kbenedict1

kbenedict1 · 04-29-2024

Title says it all. Anyone encounter this yet?

kbenedict1 · 04-30-2024

Yes, it's 9.1 for 7.4.1.1. The problem is that the aforementioned CVEs are all about SSH versions less than 9.6. I understand that Cisco says they're not vulnerable, but many are, so I'm wondering why they think they're not.

kbenedict1 · 04-30-2024

Opening a TAC case was the first thing I did. I was wondering if anyone else is encountering this, and if they are, what are they doing. Anyone who has to meet any sort of compliance should be talking about this. It's odd that it's eerily quiet.

kbenedict1 · 04-30-2024

Putty event log reports 9.1 is the remote client.Nessus scan reports 9.1.CVE-2023-48795, CVE-2023-51384, CVE-2023-51385 are the known vulnerabilities.Any other questions? I was hoping for a Cisco response on why they’re are packaging vulnerable versi...

kbenedict1 · 04-29-2024

Every Firepower software has a vulnerable SSH version I believe. The most recent 7.4.1.1 has 9.1 which is incredibly low and vulnerable.

kbenedict1 · 03-05-2024

Why is this not more upvoted? This solved it for me. Pre-populated everything for me. Thanks!

Member Since	‎03-05-2024 10:21 AM
Date Last Visited	‎05-08-2024 12:01 AM
Posts	6

User Statistics

User Activity

FTD and FMC 7.4.1.1 downgrades SSH to 9.1 - Now more vulnerable

Re: FTD and FMC 7.4.1.1 downgrades SSH to 9.1 - Now more vulnerable

Re: FTD and FMC 7.4.1.1 downgrades SSH to 9.1 - Now more vulnerable

Re: FTD and FMC 7.4.1.1 downgrades SSH to 9.1 - Now more vulnerable

Re: OpenSSH vulnerability firepower

Re: Cisco AnyConnect.pkg - Microsoft Intune deployment (MDM)