OpenSSH version 8.9 Vulnerability (CVE-2023-28531) in vSphere Replication and Site Recovery Manager

Article ID: 369587

Products

VMware Live Recovery

Issue/Introduction

Vulnerability scanners may flag OpenSSH version 8.9 as vulnerable because of CVE-2023-28531, a security vulnerability that affects systems running affected versions of OpenSSH.


Vulnerability Details

CVE Identifier: CVE-2023-28531

Vulnerability Description: CVE-2023-28531 is a vulnerability in OpenSSH in which certain configurations could allow an attacker to bypass security controls or execute unauthorized commands. The weakness lies in OpenSSH itself and could lead to privilege escalation or unauthorized access.

Severity: CVE-2023-28531 carries a severity rating that reflects its potential impact on affected systems. Review the specific CVSS score and impact details in the OpenSSH advisories for more context.

Environment

vSphere Replication: 8.x
Site Recovery Manager: 8.x

Resolution

Photon OS Patching
Photon OS 4.0, which is used in vSphere Replication and Site Recovery Manager, has been patched to address this vulnerability. VMware has included the necessary security updates in Photon OS to mitigate the risk associated with CVE-2023-28531.

Verification

Confirm the Photon OS version using the following command:

cat /etc/photon-release

The output should display:

VMware Photon OS 4.0
PHOTON BUILD_NUMBER=2f5aad892

vSphere Replication version 8.8 and above, as well as Site Recovery Manager version 8.8 and above, are based on Photon OS 4.0, which includes the relevant security patches for CVE-2023-28531.
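The check above confirms the Photon OS build. As an added example (not from this KB article), the POSIX shell helpers below parse that output and additionally look for the backported fix in the openssh package changelog, which is the check a scanner's version-string match does not perform. Assumptions not stated in the article: the Photon OS openssh RPM changelog names CVE-2023-28531 when the fix is backported, and the sample release and changelog texts are constructed inputs standing in for live command output.

```shell
#!/bin/sh
# Added example, not the KB article's own procedure: decide whether a scanner hit
# on the "OpenSSH 8.9" version string is a false positive on a patched Photon OS host.
# Assumption: the openssh RPM changelog records the CVE id when the fix is backported.

# Build number the article lists as patched.
PATCHED_PHOTON_BUILD="2f5aad892"

# photon_release_ok <contents of /etc/photon-release>
# Returns 0 when the text reports Photon OS 4.0 at the patched build number.
photon_release_ok() {
    printf '%s\n' "$1" | grep -q '^VMware Photon OS 4\.0$' || return 1
    build=$(printf '%s\n' "$1" | sed -n 's/^PHOTON BUILD_NUMBER=//p')
    [ "$build" = "$PATCHED_PHOTON_BUILD" ]
}

# changelog_mentions_cve <rpm changelog text> <CVE id>
# Returns 0 when the package changelog records a fix for the given CVE.
changelog_mentions_cve() {
    printf '%s\n' "$1" | grep -qi "$2"
}

# host_patched <release text> <changelog text>
# Returns 0 only when both the build number and the changelog entry check out.
host_patched() {
    photon_release_ok "$1" && changelog_mentions_cve "$2" "CVE-2023-28531"
}

# Constructed sample inputs. On a live host they come from:
#   cat /etc/photon-release
#   rpm -q --changelog openssh
SAMPLE_RELEASE='VMware Photon OS 4.0
PHOTON BUILD_NUMBER=2f5aad892'
SAMPLE_CHANGELOG='* (constructed changelog entry, placeholder version)
- Backport fix for CVE-2023-28531'

if host_patched "$SAMPLE_RELEASE" "$SAMPLE_CHANGELOG"; then
    echo "patched: the 8.9 version-string scanner hit is a false positive"
else
    echo "not confirmed patched: investigate before closing the finding"
fi
```

Run the two live commands on the appliance and feed their output to host_patched to get a verdict that is based on the backported fix rather than on the reported version number alone.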

Additional Information

VMware vCenter Site Recovery Manager: version 8.8.0, build 22795455
Photon OS: Build number 2f5aad892


Security Advisory: For more details on the CVE and the associated fixes, refer to the OpenSSH Security Advisory for CVE-2023-28531.