...
BugZero updated this defect 36 days ago.
This bug has been filed to evaluate the product Identity Services Engine (ISE) against the vulnerability in the OpenSSH server disclosed on July 1st, 2024:
CVE-2024-6387 - Remote Unauthenticated Code Execution Vulnerability in OpenSSH Server (regreSSHion)
This advisory is available at the following link: https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-openssh-rce-2024
-- ISE 2.X and 3.0 are not impacted.
-- ISE 3.1 P1, P2 and P3 are not impacted.
-- ISE 3.1 P4 and later patches are vulnerable.
-- ISE 3.2 is vulnerable.
-- ISE 3.3 is vulnerable.
-- A hotpatch for 3.1 is now available at https://software.cisco.com/download/home/283801620/type/283802505/release/HP-3.1-CSCwk61938
-- A hotpatch for 3.2 is now available at https://software.cisco.com/download/home/283801620/type/283802505/release/HP-3.2-CSCwk61938
-- The fix for 3.3 is available in patch 3, now available at https://software.cisco.com/download/home/283801620/type/283802505/release/3.3%20Patch%203
NOTE: Cisco uses a customized library for SSH; the fix for this vulnerability is implemented in CiscoSSH 1.13.48 (based on OpenSSH 9.1).
Additional details about the vulnerability listed above can be found at http://cve.mitre.org/cve/cve.html
PSIRT Evaluation: The Cisco PSIRT has assigned this bug the following CVSS version 3.1 score. The Base CVSS score as of the time of evaluation is 8.1: https://tools.cisco.com/security/center/cvssCalculator.x?version=3.1&vector=CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
The Cisco PSIRT has assigned this score based on information obtained from multiple sources. This includes the CVSS score assigned by the third-party vendor when available. The CVSS score assigned may not reflect the actual impact on the Cisco product.
Additional information on Cisco's security vulnerability policy can be found at the following URL: https://tools.cisco.com/security/center/resources/security_vulnerability_policy.html