OpenSSH Vulnerabilities CVE-2023-51384 and CVE- 2023-51385
search cancel

OpenSSH Vulnerabilities CVE-2023-51384 and CVE- 2023-51385

book

Article ID: 370007

calendar_today

Updated On:

Products

VMware vCenter Server

Issue/Introduction

Customer vulnerability scanners will detect open SSH vulnerabilities.

CVE-2023-51384 priority is medium (CVSS score is 5.5)

CVE-2023-51385 priority is medium (CVSS score is 5.5)

Environment

VMware vCenter Sever 7.x

VMware vCenter Sever 8.x

Resolution

CVE-2023-51384 and CVE- 2023-51385 are fixed in vCenter 8.0 U3 patch.

Additional Information

Since OpenSSH is one of the packages which comes as a complete installation bundle with VMware vCenter Server we cannot upgrade it to specific version.
Keep ssh disabled on your host unless it is required for troubleshooting purposes.

This CVE is affected to the openssh version 8.9 and above

Run the following command to verify the version being used in the environment.
Open ssh session of the VC and run "rpm -qa | grep -i ssh"