Open SSH 7.8 related vulnerabilities CVE-2018-20685, CVE-2019-6109, CVE-2019-6110, CVE-2019-6111, CVE-2018-15919 on vCenter 7.0

Article ID: 369479

Updated On: 12-18-2024

Products

VMware vCenter Server

Issue/Introduction

A vulnerability scanner flags CVE-2018-20685, CVE-2019-6109, CVE-2019-6110, CVE-2019-6111 and CVE-2018-15919 on vCenter 7.0.

Environment

vCenter 7.x

Cause

The OpenSSH version on vCenter 7 is earlier than 8.0.

Resolution

The major vulnerabilities are shared via the VMSA portal. Since these are not deemed critical, they have not been included in the security advisory.

The CVEs are related to OpenSSH 7.8, which was implemented in vCenter 7.0.

  • CVE-2018-20685 is addressed in openssh-7.8p1-2.ph3.x86_64.rpm
  • CVE-2019-6109 and CVE-2019-6111 are addressed in openssh-7.8p1-3.ph3.x86_64.rpm
  • CVE-2019-6110 is addressed in openssh-7.8p1-4.ph3.x86_64.rpm
  • CVE-2018-15919 is addressed in openssh-7.5p1-10.ph3.x86_64.rpm

The issues with OpenSSH are addressed in openssh-7.8p1-4.ph3.x86_64.rpm.

In vCenter Server 7.0 Update 3d, the OpenSSH version has been upgraded to 7.8p1-10.ph3.

In vCenter 8.0 U2b, the OpenSSH version has been upgraded to 8.9p1-4.ph4.
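The fixes above are tied to the package release (the `-2`, `-3`, `-4` suffix), not to the upstream version number 7.8, so a finding should be triaged against the installed package build. The following is an added example, not VMware or Broadcom code: it compares a package string such as the output of `rpm -q openssh` with the fixed builds listed in this article. The function names, the simplified version ordering and the assumption that a fix carries forward into later builds are this example's own.

```python
import re

# Fixed builds exactly as listed in the article (Photon OS 3 package files).
FIXED_IN = {
    "CVE-2018-20685": "openssh-7.8p1-2.ph3.x86_64.rpm",
    "CVE-2019-6109": "openssh-7.8p1-3.ph3.x86_64.rpm",
    "CVE-2019-6111": "openssh-7.8p1-3.ph3.x86_64.rpm",
    "CVE-2019-6110": "openssh-7.8p1-4.ph3.x86_64.rpm",
    "CVE-2018-15919": "openssh-7.5p1-10.ph3.x86_64.rpm",
}

def parse_nvr(package):
    """Split 'openssh-<version>-<release>[.x86_64][.rpm]' into (version, release)."""
    m = re.fullmatch(r"openssh-([^-]+)-([^-]+?)(?:\.x86_64)?(?:\.rpm)?", package.strip())
    if not m:
        raise ValueError(f"not an openssh package name: {package!r}")
    return m.group(1), m.group(2)

def _segments(text):
    # Simplified RPM-style ordering: digit runs compare as integers, letter runs as strings.
    return [int(t) if t.isdigit() else t for t in re.findall(r"\d+|[A-Za-z]+", text)]

def compare(a, b):
    """Return -1, 0 or 1 for a < b, a == b, a > b."""
    sa, sb = _segments(a), _segments(b)
    for x, y in zip(sa, sb):
        if isinstance(x, int) != isinstance(y, int):
            return 1 if isinstance(x, int) else -1  # a numeric segment sorts after a letter one
        if x != y:
            return 1 if x > y else -1
    return (len(sa) > len(sb)) - (len(sa) < len(sb))

def triage(installed):
    """Map each CVE to 'fixed' or 'needs-update' for the installed package build.

    Assumption: a fix stays in every later build of the same package stream.
    """
    inst_ver, inst_rel = parse_nvr(installed)
    status = {}
    for cve, fixed_pkg in FIXED_IN.items():
        fix_ver, fix_rel = parse_nvr(fixed_pkg)
        order = compare(inst_ver, fix_ver) or compare(inst_rel, fix_rel)
        status[cve] = "fixed" if order >= 0 else "needs-update"
    return status

if __name__ == "__main__":
    # Build named in the article for vCenter Server 7.0 Update 3d.
    for cve, state in sorted(triage("openssh-7.8p1-10.ph3.x86_64").items()):
        print(cve, state)
```

A result of `needs-update` for any CVE means the appliance is on a build older than the fixed package listed for that CVE.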

Reference:

VMware vCenter Server Photon OS Security Patches

https://docs.vmware.com/en/VMware-vSphere/7.0/rn/vcenter-server-appliance-photonos-security-patches.html
https://docs.vmware.com/en/VMware-vSphere/8.0/rn/vcenter-server-appliance-photonos-security-patches/index.html

Therefore, we recommend upgrading to the latest versions: vCenter 7.0 U3d or vCenter 8.0 U2b to ensure you have the updated OpenSSH versions.

Additional Information

VMware Security Advisories

https://www.broadcom.com/support/vmware-security-advisories

National Vulnerability Database - Search Parameters: CPE Product Version: cpe:/a:openbsd:openssh:7.9