Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Community Member

Security Assesment Violation

We have a customer that had a 3rd party Security Assesment done on thier network. One of the things that came about was the IP phones reported a Dropbear Authentication Flaw. This is CCM 5.1 installation, I have updated the load files on all the phones to SCCP41.8-3-2S and SCCP11.8-3-2S respectively...I don't know if this will resolve the issue or if it is even an issue. Has anyone come across this before.

Thanks,

Joe

1 REPLY
Community Member

Re: Security Assesment Violation

Looks to me like a false-positive based on this info:

04.30.13 - CVE: Not Available

Platform: Unix

Title: Dropbear SSH Server Authentication Bypass

Description: Dropbear SSH Server is a secure shell server. An authentication bypass issue exists in the software, which can allow malicious users to manipulate authentication credentials in order to take control of the process' execution flow. All current versions are affected.

Ref: http://matt.ucc.asn.au/dropbear/dropbear.html

230
Views
0
Helpful
1
Replies
CreatePlease to create content