Can I access, configure or upgrade PAM or the underlying OS?
search cancel

Can I access, configure or upgrade PAM or the underlying OS?

book

Article ID: 143290

calendar_today

Updated On:

Products

CA Privileged Access Manager (PAM)

Issue/Introduction

Can external access be given to PAM so we can patch, configure or upgrade the OS?

Cause

Internal auditors may want to know what OS version of a PAM appliance

Resolution

PAM appliances run on a heavily customized Debian release with a custom kernel. The 4.1.x appliances run on a Debian 9 (stretch) release with a custom 4.14 kernel, while the 4.2.x appliances run on a Debian 12 (bookworm) release with a custom 6.1 kernel.

Most vulnerabilities that may affect Debian in general do not affect PAM. Updates to the kernel are not performed outside of PAM upgrades.

PAM is a closed appliance, accessible by users only through the HTTPS web service. We do not allow SSH access by PAM admins, only Broadcom employees are permitted to SSH into the appliance.

Additional Information

Any vulnerability found in PAM is addressed with highest priority and will be included in hotfixes or maintenance releases as applicable.  If your internal security department thinks that there is a vulnerability in our appliance, then please open a support ticket and supply us the details.

Powered by Wolken Software