Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

Cisco IPS SSM20 Vulnerability

Hello, does anyone know if the IPS can be updated to SSH 2? We have conducted scans on the IPS that fail OpenSSH X11 Port Forwarding Session and cannot find a command that will allow us to update to SSH 2. The vulnerability is CVE-2008-1483 and CVE-2008-3234, any help would be appreciated also any documentation would help as well.

Thanks

Everyone's tags (3)
5 REPLIES
Cisco Employee

Cisco IPS SSM20 Vulnerability

You can disable SSHv1 as per the following thread:

https://supportforums.cisco.com/message/3333997

Hope that helps.

New Member

Cisco IPS SSM20 Vulnerability

hello Jennifer,

thank you for the response, my question now is following what you have given me to implement, does this upgrade it to ssh version 2?

New Member

Cisco IPS SSM20 Vulnerability

Jennifer, I think were talking about two different IPS's. I have the module that plugs into the Cisco ASA firewall and not a 4200. I tried to put the commands that you gave me but there is no such command on the IPS which leads me to believe that we are talking about two different IPS's.

Cisco IPS SSM20 Vulnerability

Hello,

It's the same software, give it a try one more time:

Follow the next procedure as Jeniffer said

su -
cd /etc/ssh
cp sshd_config sshd_config.old
sed -r '/^#?Protocol /cProtocol 2' sshd_config.old > sshd_config

## to apply the changes do:
/etc/init.d/cids reboot

Remember to rate all the posts that help

Looking for some Networking Assistance? Contact me directly at jcarvaja@laguiadelnetworking.com I will fix your problem ASAP. Cheers, Julio Carvajal Segura http://laguiadelnetworking.com
Cisco Employee

Cisco IPS SSM20 Vulnerability

You would need to log in to the IPS using service account.

495
Views
0
Helpful
5
Replies
CreatePlease login to create content