After some reports in OpenVAS, I always receive a error message that says that I should upgrade OpenSSH to higher version (7.4 or above) in my Meraki switch. The point is they do not have OpenSSH installed and I don’t know why this appear.
Anyone knows why?
GreenBone Security Assistant version 20.08.1~git
Kali Linux 2018.3
That does seem strange. I looked into the Meraki switch and not sure why it’s flagged either. I did notice the version of Greenbone Security Assistant you’re running is older (and end of life). Our current version of the Greenbone Vulnerability Management suite is in the 21 series (info here at: GVM 21.04 (stable, initial release 2021-04-16)), can you please let us know if it’s still behaving like that with the current version? Thanks!
After exchange messages with Cisco and internal networking team, they’ve said that the vulnerabilities listed there are not related to OpenSSH in any case, because Meraki switch are not running under Windows OS…
Please note Enterprise (including Cisco) Products are only covered complete by our Enterprise Feed.
sshpty.c is taken from OpenSSH 3.5p1,
Copyright (c) 1995 Tatu Ylonen , Espoo, Finland
All rights reserved
"As far as I am concerned, the code I have written for this software
can be used freely for any purpose. Any derived versions of this
software must be clearly marked as such, and if the derived work is
incompatible with the protocol description in the RFC file, it must be
called by a name other than "ssh" or "Secure Shell". "
and strlcat() (included in util.c) are from OpenSSH 3.6.1p2, and are licensed
under the 2 point BSD license.
Those IPs that appear in our OpenVAS showing errors with OpenSSH are related to two Cisco switches that I connect via SSH, but there is the latest version installed and there are no using that protocol…