OpenSSH Vulnerabilities CVE-2023-51384 and CVE-2023-51385

Article ID: 370007


Products

VMware vCenter Server

Issue/Introduction

Vulnerability scanners report the following OpenSSH vulnerabilities:

CVE-2023-51384 priority is medium (CVSS score is 5.5)
CVE-2023-51385 priority is medium (CVSS score is 5.5)

Environment

VMware vCenter Server 7.x
VMware vCenter Server 8.x

Resolution

  • CVE-2023-51384 and CVE-2023-51385 are fixed in the vCenter 8.0 U3 patch.
  • For vCenter 7.x:
      • CVE-2023-51384 is not applicable to OpenSSH version 7.8p1.
      • CVE-2023-51385 is fixed in vCenter version 7.0U3v.

Additional Information

  • OpenSSH is one of the packages delivered as part of the complete VMware vCenter Server installation bundle, so it cannot be upgraded separately to a specific version.
  • Keep SSH disabled on your host unless it is required for troubleshooting purposes.
  • This CVE affects OpenSSH version 8.9 and above.
  • Run the following command in a vCenter SSH session to verify the version in use in the environment:

rpm -qa | grep -i ssh

  • CVE-2023-51384 and CVE-2023-51385 are fixed in OpenSSH 8.9p1-6, which is part of VCSA 8.0.3.00000 (8.0 U3).
  • There should be no impact from CVE-2023-51384 and CVE-2023-51385 on VCSA 8.0 U3.
  • If a security scanner still reports them, they are false positives.
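
An added example (not from the original article or any VMware tooling): a shell helper that maps a package name printed by the command above to the statements in this article. The function names, result labels and sample package names are assumptions constructed for illustration, and the release number is assumed to be the leading integer after the version.

```shell
#!/bin/sh
# Added example: map one package name from `rpm -qa | grep -i ssh` to the
# statements made in this article. Package names used with it are constructed.

classify_openssh() {
    nvr=${1#openssh-}                 # drop the package name prefix
    case $nvr in
        [0-9]*-*) ;;                  # base package: "<version>-<release>..."
        *) echo "skip"; return 0 ;;   # sub-packages (clients, server) or other names
    esac
    ver=${nvr%%-*}                    # e.g. 8.9p1
    rel=${nvr#*-}; rel=${rel%%.*}     # leading release number, e.g. 6
    case $rel in
        ''|*[!0-9]*) echo "unparsed"; return 0 ;;
    esac
    case $ver in
        8.9p1)
            if [ "$rel" -ge 6 ]; then
                echo "fixed"          # 8.9p1-6 or later: scanner hit is a false positive
            else
                echo "update"         # older 8.9p1 build: apply vCenter 8.0 U3
            fi ;;
        7.8p1)
            # CVE-2023-51384 not applicable; CVE-2023-51385 depends on the
            # vCenter build (7.0U3v), which the RPM name alone does not show.
            echo "check-vcenter-build" ;;
        *)  echo "not-covered" ;;     # version this article does not discuss
    esac
}

# Classify every line of saved `rpm -qa` output read from stdin.
classify_rpm_list() {
    grep -i '^openssh' | while IFS= read -r pkg; do
        printf '%s\t%s\n' "$pkg" "$(classify_openssh "$pkg")"
    done
}
```

On the appliance, `rpm -qa | classify_rpm_list` prints one tab-separated result per OpenSSH package.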
