SSL Visibility Appliance vulnerable to CVE-2023-51385.
search cancel

SSL Visibility Appliance vulnerable to CVE-2023-51385.

book

Article ID: 367129

calendar_today

Updated On:

Products

SSL Visibility Appliance Software

Issue/Introduction

You may run vulnerability scan, and results shows that SSLV is vulnerable to CVE-2023-51385.

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-51385

Cause

Summary of CVE-2023-51385

In ssh in OpenSSH before 9.6, OS command injection might occur if a user name or host name has shell metacharacters, and this name is referenced by an expansion token in certain situations. For example, an untrusted Git repository can have a submodule with shell metacharacters in a user name or host name.

Resolution

SSLV is not vulnerable as ssh configuration files do not include expansion tokens.