Can external access be given to PAM so we can patch, configure or upgrade the OS?
Internal auditors may want to know what OS version of a PAM appliance
PAM appliances run on a heavily customized Debian release with a custom kernel. The 4.1.x appliances run on a Debian 9 (stretch) release with a custom 4.14 kernel, while the 4.2.x appliances run on a Debian 12 (bookworm) release with a custom 6.1 kernel.
Most vulnerabilities that may affect Debian in general do not affect PAM. Updates to the kernel are not performed outside of PAM upgrades.
Any vulnerability found in PAM is addressed with highest priority and will be included in hotfixes or maintenance releases as applicable. If your internal security department thinks that there is a vulnerability in our appliance, then please open a support ticket and supply us the details.