[cisco-voip] SSH Access For CUCM 7.5

Lelio Fulgenzi lelio at uoguelph.ca
Mon Nov 14 16:51:43 EST 2016


I suspect that the security scan wants to evaluate the risk of the SSH service running on the host, regardless of who can access it. By opening SSH access from the scan host to the CCM host, the security scan can run whatever SSH tests they want to see if it's vulnerable.


Even if you block SSH access from everything except your teams subnet, the SSH server is still vulnerable. This is what the security scan typically wants to find out.


The impact of the vulnerability is reduced by your limited access, which would then give you either (a) a pass with conditions, or (b) a fail that you need to resolve.


This is just me piecing things together from your note and from my experience.


Lelio



---
Lelio Fulgenzi, B.A.
Senior Analyst, Network Infrastructure
Computing and Communications Services (CCS)
University of Guelph

519-824-4120 Ext 56354
lelio at uoguelph.ca
www.uoguelph.ca/ccs
Room 037, Animal Science and Nutrition Building
Guelph, Ontario, N1G 2W1


________________________________
From: cisco-voip <cisco-voip-bounces at puck.nether.net> on behalf of Asim Mekki Basheer <asim_323 at hotmail.com>
Sent: Sunday, November 13, 2016 2:10 AM
To: cisco-voip at puck.nether.ne
Subject: [cisco-voip] SSH Access For CUCM 7.5


Hello Everyone


we have CUCM 7.5 in our setup, this week we have security assessment for the call manager The consultant  requested the below Access to The CUCM to perform scan:


1-Cisco Call Managers and access to ports 22 and 8443.



how can we give SSH we have only admin ACCESS for the SSH


Thanks
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://puck.nether.net/pipermail/cisco-voip/attachments/20161114/257f5a80/attachment.html>


More information about the cisco-voip mailing list