After some reports in OpenVAS, I always receive a error message that says that I should upgrade OpenSSH to higher version (7.4 or above) in my Meraki switch. The point is they do not have OpenSSH installed and I don’t know why this appear.
Anyone knows why?
GreenBone Security Assistant version 20.08.1~git
Kali Linux 2018.3
Hi @sergi.vila and welcome to the forum
That does seem strange. I looked into the Meraki switch and not sure why it’s flagged either. I did notice the version of Greenbone Security Assistant you’re running is older (and end of life). Our current version of the Greenbone Vulnerability Management suite is in the 21 series (info here at: GVM 21.04 (stable, initial release 2021-04-16)), can you please let us know if it’s still behaving like that with the current version? Thanks!
Hi @DeeAnn, thanks for replying my thread.
I’ve updated to newer version (21.4.3) and message still appears… any newer idea?
Many thanks for all!
Thanks for checking! I don’t know a workaround for this, but I’ll pass this on to the developers to let them know.
You can get the info how OpenSSH was detected from the output of the following VT in your report (you need to update your filter to show “Log” level results accordingly):
Name: OpenSSH Detection Consolidation
As the OpenSSH checks are quite strict i guess one of the following three things applies:
- The Meraki switch is indeed running OpenSSH and is exposing an OpenSSH banner
- The Meraki switch is not running OpenSSH but “emulating” an OpenSSH banner
- There is a port forwarding enabled in the Meraki switch which exposes an SSH service from a system running in your internal network and thus the OpenSSH banner of that SSH service is exposed
Hello and thanks for replying,
After exchange messages with Cisco and internal networking team, they’ve said that the vulnerabilities listed there are not related to OpenSSH in any case, because Meraki switch are not running under Windows OS…
How can be updated and whitelisted those errors?
Sorry but this is the most stupid response and i suppose that was not done by any Cisco engineer from Cisco.
OpenSSH is mainly used under Linux and other embedded operating systems.
As cfi already suspected, they use OpenSSH Source code if you follow that link documented here.
Please note Enterprise (including Cisco) Products are only covered complete by our Enterprise Feed.
sshpty.c is taken from OpenSSH 3.5p1,
Copyright (c) 1995 Tatu Ylonen , Espoo, Finland
All rights reserved
"As far as I am concerned, the code I have written for this software
can be used freely for any purpose. Any derived versions of this
software must be clearly marked as such, and if the derived work is
incompatible with the protocol description in the RFC file, it must be
called by a name other than "ssh" or "Secure Shell". "
and strlcat() (included in util.c) are from OpenSSH 3.6.1p2, and are licensed
under the 2 point BSD license.
Those IPs that appear in our OpenVAS showing errors with OpenSSH are related to two Cisco switches that I connect via SSH, but there is the latest version installed and there are no using that protocol…
If Cisco is using vulnerable code, your switch is vulnerable if OpenSSH is used EoT.
Please ask your Cisco rep. if your Linux running on the switch is vulnerable to that version.
If you need a specific Cisco VT that can only be handled via Greenbone Enterprise Feed.
Please understand that the Generic OpenSSH VT is correctly reporting that vulnerability, so no false positive here.