...
This product includes Third-party Software that is affected by the vulnerabilities identified by the following Common Vulnerability and Exposures (CVE) IDs:

CVE-2023-48795 - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-48795

Workaround for ISE <=3.1
---------------------------------
For example, the following cipher is vulnerable:

1. chacha20-poly1305@openssh.com

To disable the cipher chacha20-poly1305@openssh.com, do the following:

ise31/admin# configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
ise31/admin(config)# no service sshd encryption-algorithm chacha20-poly1305@openssh.com
ise31/admin# end
ise31/admin# copy running-config startup-config

Workaround for ISE > 3.1
--------------------------------
For example, the following cipher is vulnerable:

1. chacha20-poly1305@openssh.com

To disable the cipher chacha20-poly1305-openssh.com, do the following:

ise32/admin# configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
ise32/admin(config)# no service sshd encryption-algorithm
ise32/admin(config)# service sshd encryption-algorithm aes128-cbc aes128-ctr aes128-gcm-openssh.com aes256-cbc aes256-ctr aes256-gcm-openssh.com
ise32/admin# end

Check for workaround, all versions
-----------------------------------------
To check that the correct cipher is removed and the other ciphers remain, do the following:

ise/admin# show running-config | include sshd

If no encryption-algorithm options are configured, then all ciphers will be allowed and this workaround will not be valid.

If chacha20-poly1305@openssh.com is still configured as one of the encryption-algorithm options, then this vulnerability will still be present.

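The check above can be applied to captured output of the show command with a short script; this is an added example, not Cisco's code. The sample outputs are constructed and assume that running-config lines mirror the "service sshd encryption-algorithm" commands shown above; the function names are hypothetical.

```python
import re

# Both spellings appear in the workaround text: the OpenSSH cipher name and
# the hyphenated form used in the ISE > 3.1 section.
CHACHA = {"chacha20-poly1305@openssh.com", "chacha20-poly1305-openssh.com"}

# Anchored at line start so a "no service sshd ..." line is never counted.
ENC_LINE = re.compile(r"^\s*service\s+sshd\s+encryption-algorithm\s+(.+?)\s*$")


def configured_ciphers(show_output):
    """Collect every cipher named on 'service sshd encryption-algorithm' lines."""
    ciphers = set()
    for line in show_output.splitlines():
        match = ENC_LINE.match(line)
        if match:
            ciphers.update(match.group(1).split())
    return ciphers


def check_workaround(show_output):
    """Map 'show running-config | include sshd' output to the advisory's cases."""
    ciphers = configured_ciphers(show_output)
    if not ciphers:
        # No explicit list: all ciphers are allowed, workaround is not valid.
        return ("NOT_APPLIED", "no encryption-algorithm options configured")
    remaining = sorted(ciphers & CHACHA)
    if remaining:
        return ("VULNERABLE", "still configured: " + ", ".join(remaining))
    return ("OK", "configured: " + ", ".join(sorted(ciphers)))


# Constructed sample outputs (assumed format, not captured from a real node).
SAMPLE_FIXED = (
    "service sshd enable\n"
    "service sshd encryption-algorithm aes128-cbc aes128-ctr "
    "aes128-gcm-openssh.com aes256-cbc aes256-ctr aes256-gcm-openssh.com\n"
)
SAMPLE_DEFAULT = "service sshd enable\n"
SAMPLE_STILL = "service sshd encryption-algorithm aes128-ctr chacha20-poly1305-openssh.com\n"

if __name__ == "__main__":
    for name, text in (("fixed", SAMPLE_FIXED), ("default", SAMPLE_DEFAULT),
                       ("still-listed", SAMPLE_STILL)):
        status, detail = check_workaround(text)
        print(f"{name}: {status} ({detail})")
```
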
Additional details about the vulnerabilities listed above can be found at https://www.cve.org/.
The Cisco PSIRT has assigned this bug the following CVSS version 3.1 score. The Base CVSS score as of the time of evaluation is: 5.9

https://sec.cloudapps.cisco.com/security/center/cvssCalculator.x?version=3.1&vector=CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N

CVE ID CVE-2023-48795 has been assigned to document this issue.

Additional information on Cisco's security vulnerability policy can be found at the following URL: https://sec.cloudapps.cisco.com/security/center/resources/security_vulnerability_policy.html