Cisco is warning of multiple products vulnerable to regreSSHion
Take action: If you are using Cisco equipment - especially if it's exposed to the internet, start reviewing the advisory and checking your devices. It may be needed that you lock down some access to SSH for a period until patches are available.
Learn More
Cisco has issued an advisory that multple product categories are vulnerable to remote code execution (RCE) vulnerability in SSH, dubbed “regreSSHion,”.
The affected products span various categories, including Network and Content Security Devices, Network Management and Provisioning, Routing and Switching, Unified Computing, Voice and Unified Communications Devices, Video and TelePresence Devices, and Wireless devices. Cisco is working to release fixed versions of the software where applicable.
Below is a detailed summary of the affected products and the current status of fixes:
Network and Content Security Devices
- Adaptive Security Appliance (ASA) Software
- Firepower Management Center (FMC) Software
- Firepower Threat Defense (FTD) Software
- FXOS Firepower Chassis Manager
- Identity Services Engine (ISE)
- Secure Network Analytics
Network Management and Provisioning
- Crosswork Data Gateway - Fixed Release: 7.0.0 (August 2024)
- Cyber Vision
- DNA Spaces Connector
- Prime Infrastructure
- Smart Software Manager On-Prem
- Virtualized Infrastructure Manager
Routing and Switching - Enterprise and Service Provider
- ASR 5000 Series Routers
- GGSN Gateway GPRS Support Node
- IP Services Gateway (IPSG)
- MME Mobility Management Entity
- Nexus 3000 Series Switches
- Nexus 9000 Series Switches in standalone NX-OS mode
- PDSN/HA Packet Data Serving Node and Home Agent
- PGW Packet Data Network Gateway
- System Architecture Evolution Gateway (SAEGW)
- Ultra Cloud Core 5G Policy Control Function
- Ultra Packet Core
Unified Computing
- Intersight Virtual Appliance
Voice and Unified Communications Devices
- Emergency Responder
- Unified Communications Manager / Unified Communications Manager Session Management Edition
- Unified Communications Manager IM & Presence Service
- Unity Connection
Video, Streaming, TelePresence, and Transcoding Devices
- Cisco Meeting Server - Fixed Releases: SMU - CMS 3.9.2 (August 2024), SMU - CMS 3.8.2 (August 2024)
- Expressway Series - Fixed Releases: X15.0.3 (July 2024), X15.2.0 (September 2024)
- TelePresence Video Communication Server (VCS) - Fixed Releases: X15.0.3 (July 2024), X15.2.0 (September 2024)
Wireless
- 6300 Series Embedded Services Access Points
- Aironet 802.11ac Wave2 Access Points
- Aironet 1540 Series
- Aironet 1560 Series
- Catalyst 9100 Series Access Points
- Catalyst IW6300 Heavy Duty Series Access Points
- Catalyst IW9165 Heavy Duty Series
- Catalyst IW9165 Rugged Series
- Catalyst IW9167 Heavy Duty Series
- Connected Mobile Experiences
- IEC6400 Edge Compute Appliance
Cisco will continue to update the advisory as new information becomes available.
