Cisco

Cisco - SSH Key Auth

Intro

Do you want to log in to your Cisco switches with SSH and a public key? You can build your config easily and copy/paste it to your switch(es).

Set & Check Variables

- pubkey: read from ~/.ssh/id_rsa.pub
- username: root
- password: will be generated, or set it by hand

    # get & convert public key
    pubkey=$(cat ~/.ssh/id_rsa.pub |cut -d' ' -f 2 |fold -b -w 72)

    # Username Switch
    username=root

    # Password for User
    password=$(openssl rand -hex 12)

    # Full Line
    echo "username $username privilege 15 password $password"

SSH Pubkey Auth Config Snippet

    # Build Config
    cat << EOF
    ############################################
    # Copy/Paste to your Cisco Devices - START #
    ############################################
    conf t
    # Set Version
    ip ssh version 2
    no aaa new-model
    # Set User
    username $username privilege 15 password $password
    # Set Key
    ip ssh pubkey-chain
    username $username
    key-string
    $pubkey
    exit
    exit
    exit
    # vty Stuff
    line vty 0 15
    login local
    transport input ssh
    end
    write
    exit
    ############################################
    # Copy/Paste to your Cisco Devices - END   #
    ############################################
    EOF

You should test it in a lab environment before running it on production switches ;)

Cisco Router, SSH, PubKey, ...

Intro

I stumbled across an old Cisco box in the basement. I thought I might have some fun (or frustration?) with the aging device. The hardware still works fine, right? And what about the software? Let's give it a try!

Hardware

    show version

    Cisco 1841 (revision 7.0) with 352256K/40960K bytes of memory.
    Processor board ID FCZ1234757Y
    6 FastEthernet interfaces
    1 Virtual Private Network (VPN) Module
    DRAM configuration is 64 bits wide with parity disabled.

Vuln IOS XE 03.06.04

Security posture via Cisco PSIRT OpenVuln API

Platform: iosxe
Version: 03.06.04.E

| Advisory-ID | Impact | CVSS | CVE | Fixed with | First Published |
|---|---|---|---|---|---|
| cisco-sa-info-disclosure-V4BmJBNF | Cisco IOS and IOS XE Software Information Disclosure Vulnerability | 5.5 | CVE-2020-3477 | | 2020-09-24T16:00:00 |
| cisco-sa-ikev2-9p23Jj2a | Cisco IOS and IOS XE Software Internet Key Exchange Version 2 Denial of Service Vulnerability | 7.5 | CVE-2020-3230 | | 2020-06-03T16:00:00 |
| cisco-sa-ssh-dos-Un22sd2A | Cisco IOS and IOS XE Software Secure Shell Denial of Service Vulnerability | 7.7 | CVE-2020-3200 | | 2020-06-03T16:00:00 |
| cisco-sa-snmp-dos-USxSyTk5 | Cisco IOS and IOS XE Software Simple Network Management Protocol Denial of Service Vulnerability | 7.

Vuln IOS XE 03.08.06

Security posture via Cisco PSIRT OpenVuln API

Platform: iosxe
Version: 03.08.06.E

| Advisory-ID | Impact | CVSS | CVE | Fixed with | First Published |
|---|---|---|---|---|---|
| cisco-sa-info-disclosure-V4BmJBNF | Cisco IOS and IOS XE Software Information Disclosure Vulnerability | 5.5 | CVE-2020-3477 | | 2020-09-24T16:00:00 |
| cisco-sa-ikev2-9p23Jj2a | Cisco IOS and IOS XE Software Internet Key Exchange Version 2 Denial of Service Vulnerability | 7.5 | CVE-2020-3230 | | 2020-06-03T16:00:00 |
| cisco-sa-ssh-dos-Un22sd2A | Cisco IOS and IOS XE Software Secure Shell Denial of Service Vulnerability | 7.7 | CVE-2020-3200 | | 2020-06-03T16:00:00 |
| cisco-sa-snmp-dos-USxSyTk5 | Cisco IOS and IOS XE Software Simple Network Management Protocol Denial of Service Vulnerability | 7.

Vuln IOS XE 17.01.01

Security posture via Cisco PSIRT OpenVuln API

Platform: iosxe
Version: 17.01.01

| Advisory-ID | Impact | CVSS | CVE | Fixed with | First Published |
|---|---|---|---|---|---|
| cisco-sa-ios-profinet-dos-65qYG3W5 | Cisco IOS and IOS XE Software PROFINET Link Layer Discovery Protocol Denial of Service Vulnerability | 7.4 | CVE-2020-3512 | | 2020-09-24T16:00:00 |
| cisco-sa-profinet-J9QMCHPB | Cisco IOS and IOS XE Software PROFINET Denial of Service Vulnerability | 7.4 | CVE-2020-3409 | | 2020-09-24T16:00:00 |
| cisco-sa-xbace-OnCEbyS | Cisco IOS XE Software Arbitrary Code Execution Vulnerability | 6.7 | CVE-2020-3417 | | 2020-09-24T16:00:00 |
| cisco-sa-iosxe-isdn-q931-dos-67eUZBTf | Cisco IOS and IOS XE Software ISDN Q.

Vuln IOS 15.4(1)SY4

Security posture via Cisco PSIRT OpenVuln API

Platform: ios
Version: 15.4(1)SY4

| Advisory-ID | Impact | CVSS | CVE | Fixed with | First Published |
|---|---|---|---|---|---|
| cisco-sa-info-disclosure-V4BmJBNF | Cisco IOS and IOS XE Software Information Disclosure Vulnerability | 5.5 | CVE-2020-3477 | | 2020-09-24T16:00:00 |
| cisco-sa-ios-bgp-evpn-dos-LNfYJxfF | Cisco IOS and IOS XE Software MP-BGP EVPN Denial of Service Vulnerability | 6.1 | CVE-2020-3479 | | 2020-09-24T16:00:00 |
| cisco-sa-tcl-dos-MAZQUnMF | Cisco IOS and IOS XE Software Tcl Denial of Service Vulnerability | 6.5 | CVE-2020-3201 | | 2020-06-03T16:00:00 |
| cisco-sa-ikev2-9p23Jj2a | Cisco IOS and IOS XE Software Internet Key Exchange Version 2 Denial of Service Vulnerability | 7.

Vuln IOS 15.2(1)SY5

Security posture via Cisco PSIRT OpenVuln API

Platform: ios
Version: 15.2(1)SY5

| Advisory-ID | Impact | CVSS | CVE | Fixed with | First Published |
|---|---|---|---|---|---|
| cisco-sa-info-disclosure-V4BmJBNF | Cisco IOS and IOS XE Software Information Disclosure Vulnerability | 5.5 | CVE-2020-3477 | | 2020-09-24T16:00:00 |
| cisco-sa-tcl-dos-MAZQUnMF | Cisco IOS and IOS XE Software Tcl Denial of Service Vulnerability | 6.5 | CVE-2020-3201 | | 2020-06-03T16:00:00 |
| cisco-sa-ikev2-9p23Jj2a | Cisco IOS and IOS XE Software Internet Key Exchange Version 2 Denial of Service Vulnerability | 7.5 | CVE-2020-3230 | | 2020-06-03T16:00:00 |
| cisco-sa-ssh-dos-Un22sd2A | Cisco IOS and IOS XE Software Secure Shell Denial of Service Vulnerability | 7.

Vuln NXOS 8.2(4)

Security posture via Cisco PSIRT OpenVuln API

Platform: nxos
Version: 8.2(4)

| Advisory-ID | Impact | CVSS | CVE | Fixed with | First Published |
|---|---|---|---|---|---|
| cisco-sa-fxos-nxos-cfs-dos-dAmnymbd | Cisco FXOS and NX-OS Software Cisco Fabric Services Denial of Service Vulnerability | 8.6 | CVE-2020-3517 | 8.2(6) | 2020-08-26T16:00:00 |
| cisco-sa-nxos-pim-memleak-dos-tC8eP7uw | Cisco NX-OS Software IPv6 Protocol Independent Multicast Denial of Service Vulnerability | 7.5 | CVE-2020-3338 | 8.2(6) | 2020-08-26T16:00:00 |
| cisco-sa-ios-nxos-onepk-rce-6Hhyt4dC | Cisco IOS, IOS XE, IOS XR, and NX-OS Software One Platform Kit Remote Code Execution Vulnerability | 8.8 | CVE-2020-3217 | 8.

Vuln IOS XE 03.08.09

Security posture via Cisco PSIRT OpenVuln API

Platform: iosxe
Version: 03.08.09.E

| Advisory-ID | Impact | CVSS | CVE | Fixed with | First Published |
|---|---|---|---|---|---|
| cisco-sa-info-disclosure-V4BmJBNF | Cisco IOS and IOS XE Software Information Disclosure Vulnerability | 5.5 | CVE-2020-3477 | | 2020-09-24T16:00:00 |
| cisco-sa-cipdos-hkfTZXEx | Cisco IOS and IOS XE Software Common Industrial Protocol Denial of Service Vulnerabilities | 8.6 | CVE-2020-3225 | | 2020-06-03T16:00:00 |
| cisco-sa-ssh-dos-Un22sd2A | Cisco IOS and IOS XE Software Secure Shell Denial of Service Vulnerability | 7.7 | CVE-2020-3200 | | 2020-06-03T16:00:00 |
| cisco-sa-tcl-ace-C9KuVKmm | Cisco IOS and IOS XE Software Tcl Arbitrary Code Execution Vulnerability | 6.

Vuln IOS 15.0(2)SE8

Security posture via Cisco PSIRT OpenVuln API

Platform: ios
Version: 15.0(2)SE8

| Advisory-ID | Impact | CVSS | CVE | Fixed with | First Published |
|---|---|---|---|---|---|
| cisco-sa-profinet-J9QMCHPB | Cisco IOS and IOS XE Software PROFINET Denial of Service Vulnerability | 7.4 | CVE-2020-3409 | | 2020-09-24T16:00:00 |
| cisco-sa-info-disclosure-V4BmJBNF | Cisco IOS and IOS XE Software Information Disclosure Vulnerability | 5.5 | CVE-2020-3477 | | 2020-09-24T16:00:00 |
| cisco-sa-cipdos-hkfTZXEx | Cisco IOS and IOS XE Software Common Industrial Protocol Denial of Service Vulnerabilities | 8.6 | CVE-2020-3225 | | 2020-06-03T16:00:00 |
| cisco-sa-ikev2-9p23Jj2a | Cisco IOS and IOS XE Software Internet Key Exchange Version 2 Denial of Service Vulnerability | 7.