
Cisco IPS SSM20 Vulnerability

BCTC Ft.Riley
Level 1

Hello, does anyone know if the IPS can be updated to SSH 2? We have conducted scans on the IPS that fail OpenSSH X11 Port Forwarding Session and cannot find a command that will allow us to update to SSH 2. The vulnerabilities are CVE-2008-1483 and CVE-2008-3234. Any help would be appreciated; any documentation would help as well.

Thanks

5 Replies

Jennifer Halim
Cisco Employee

You can disable SSHv1 as per the following thread:

https://supportforums.cisco.com/message/3333997

Hope that helps.

Hello Jennifer,

Thank you for the response. My question now is: following what you have given me to implement, does this upgrade it to SSH version 2?

Jennifer, I think we're talking about two different IPSs. I have the module that plugs into the Cisco ASA firewall and not a 4200. I tried to put in the commands that you gave me, but there is no such command on the IPS, which leads me to believe that we are talking about two different IPSs.

Hello,

It's the same software, give it a try one more time:

Follow the next procedure, as Jennifer said:

su -
cd /etc/ssh
cp sshd_config sshd_config.old
sed -r '/^#?Protocol /cProtocol 2' sshd_config.old > sshd_config

## to apply the changes do:
/etc/init.d/cids reboot

Remember to rate all the posts that help

Julio Carvajal
Senior Network Security and Core Specialist
CCIE #42930, 2xCCNP, JNCIP-SEC
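The sed line in the post above changes nothing when sshd_config contains no Protocol line at all, so it is worth reading the setting back after the edit. The following is an added example, not part of the thread and not Cisco's procedure: the function names and the sample file are constructed for illustration, and it runs against a temporary copy rather than /etc/ssh.

```shell
#!/bin/sh
# Added example, not from the thread. File names and sample contents are constructed.

# Print the Protocol value sshd would read from config file $1:
# the first uncommented "Protocol" line. Prints nothing if there is none.
effective_protocol() {
    awk 'tolower($1) == "protocol" { print $2; exit }' "$1"
}

# Force "Protocol 2" in config file $1, keeping a backup at $1.old
# (the same backup name the thread uses). Returns non-zero if the
# result does not read back as "2".
enforce_protocol2() {
    cfg=$1
    cp "$cfg" "$cfg.old" || return 1
    if [ -n "$(effective_protocol "$cfg.old")" ]; then
        # Rewrite every active Protocol line in place.
        awk 'tolower($1) == "protocol" { print "Protocol 2"; next } { print }' \
            "$cfg.old" > "$cfg"
    else
        # No active line: add one at the top so it is a global setting
        # and comes before any later section of the file.
        { echo 'Protocol 2'; cat "$cfg.old"; } > "$cfg"
    fi
    [ "$(effective_protocol "$cfg")" = "2" ]
}

# Demo on a constructed file; nothing under /etc/ssh is touched.
demo() {
    dir=$(mktemp -d) || return 1
    printf 'Port 22\nX11Forwarding yes\n' > "$dir/sshd_config"
    echo "before: '$(effective_protocol "$dir/sshd_config")'"
    enforce_protocol2 "$dir/sshd_config" && echo "after: '$(effective_protocol "$dir/sshd_config")'"
    rm -rf "$dir"
}
demo
```

The edit only takes effect once the service is restarted as the post describes; a rescan afterwards confirms what the daemon actually offers.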

You would need to log in to the IPS using the service account.
