BugZero | Cisco BugID CSCwi09578 - Vulnerabilities in openssh 7.6p1

Cisco - Defect ID: CSCwi09578

Vulnerabilities in openssh 7.6p1

Cisco - Defect ID: CSCwi09578

Vulnerabilities in openssh 7.6p1

Last updated on July 26th, 2024

BugZero Risk Score
7.4 High

Overall: 7.4

Severity: 8.2

Lifecycle: 4.0

Popularity: 4.6

What is the BugZero Risk Score?

Cisco Integration

Learn more about where this data comes from

Cisco Integration

Learn more

Bug Scrub Advisor

Streamline upgrades with automated vendor bug scrubs

Bug Scrub Advisor

Learn more

BugZero Enterprise

Wish you caught this bug sooner? Get proactive today.

BugZero Enterprise

Learn more

Bug Details

Description

Symptom

This product includes Third-party Software that is affected by the vulnerabilities identified by the following Common Vulnerability and Exposures (CVE) IDs: CVE-2007-2768 - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-2768 CVE-2018-15473 - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-15473 CVE-2018-15919 - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-15919 CVE-2018-20685 - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20685 CVE-2019-6109 - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-6109 CVE-2019-6110 - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-6110 CVE-2019-6111 - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-6111 CVE-2020-14145 - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-14145 CVE-2021-28041 - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-28041 CVE-2021-41617 - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-41617 After analysis, Cisco has decided against performing additional actions on this product due to one of the following reasons: - The product is no longer maintained, having reached End of Software Maintenance. - The product is still being maintained, but a business decision was made not to upgrade the vulnerable product. - The product uses the affected third-party component in such a way as to not be affected by these vulnerabilities.

Conditions

Device with default configuration.

Workaround

Not available or not applicable.

Further Problem Description

Additional details about the vulnerabilities listed above can be found at https://www.cve.org/. PSIRT Evaluation: The Cisco PSIRT has assigned this bug the following CVSS version 3.0 score. The Base CVSS score as of the time of evaluation is: 7.5 https://tools.cisco.com/security/center/cvssCalculator.x?version=3.0&vector=CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C CVE ID CVE-2007-2768, CVE-2018-15473, CVE-2018-15919, CVE-2018-20685, CVE-2019-6109, CVE-2019-6110, CVE-2019-6111, CVE-2020-14145, CVE-2021-28041, CVE-2021-41617 have been assigned to document this issue. Additional information on Cisco's security vulnerability policy can be found at the following URL: http://www.cisco.com/en/US/products/products_security_vulnerability_policy.html

Change history

2024-07-26 Added: 15.2(8g)

Relevant Products

Click on a version to see all relevant bugs

Affected versions:15.2(8g)

Fixed versions: No known fixed versions

Relevant Products

Click on a version to see all relevant bugs

Affected versions:15.2(8g)

Fixed versions: No known fixed versions

Top Cisco Defects

No bugs this month

Ready to prevent the next vendor outage?

Get a demo

Cisco - Defect ID: CSCwi09578

Vulnerabilities in openssh 7.6p1

Cisco - Defect ID: CSCwi09578

Vulnerabilities in openssh 7.6p1

Last updated on July 26th, 2024

BugZero Risk Score7.4 High

Bug Details

Symptom

Conditions

Workaround

Further Problem Description

Top Cisco Defects

Ready to prevent the next vendor outage?

Links

BugZero Risk Score
7.4 High