OpenSSH Vulnerabilities CVE-2023-51384 and CVE-2023-51385 for vCloud Director

Article ID: 379769

Updated On:

Products

VMware Cloud Director

Issue/Introduction

Customer vulnerability scanners detect OpenSSH vulnerabilities.

CVE-2023-51384 priority is medium (CVSS score is 5.5)

CVE-2023-51385 priority is medium (CVSS score is 5.5)

Environment

VMware Cloud Director 10.5.x

Cause

This CVE affects OpenSSH version 8.9 and above.

Run the following command to verify the version being used in the environment.
Open an SSH session to the VC and run "rpm -qa | grep -i ssh"

Resolution

Because OpenSSH is one of the packages that comes as part of the complete installation bundle with VMware Cloud Director, we cannot upgrade it to a specific version.

As a workaround, keep SSH disabled on vCloud Director unless required for troubleshooting. To deactivate SSH

Alternatively, this is resolved in Cloud Director 10.6 - VMware Cloud Director 10.6 Release Notes
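
The version check from the Cause section and the workaround from the Resolution section can be scripted as follows. This is an added example, not VMware's own tooling; the function names, the sample package list and the `sshd` unit name are assumptions.

```shell
#!/bin/sh
# Added example: interpret `rpm -qa | grep -i ssh` output against the
# "8.9 and above" range stated in this article.

# Constructed sample output, not captured from a real appliance.
SAMPLE_RPM_OUTPUT='libssh2-1.11.0-1.ph4.x86_64
openssh-clients-9.1p1-3.ph4.x86_64
openssh-server-9.1p1-3.ph4.x86_64
openssh-9.1p1-3.ph4.x86_64'

# Print major.minor of the openssh or openssh-server package, if present.
# grep -i ssh also matches libssh2 and openssh-clients; those are skipped.
openssh_version() {
    printf '%s\n' "$1" |
        sed -n 's/^openssh\(-server\)\{0,1\}-\([0-9][0-9]*\.[0-9][0-9]*\).*/\2/p' |
        head -n 1
}

# Succeed when major.minor ($1) is 8.9 or above.
in_article_range() {
    major=${1%%.*}
    minor=${1#*.}
    [ "$major" -gt 8 ] || { [ "$major" -eq 8 ] && [ "$minor" -ge 9 ]; }
}

# Print "in-range <ver>", "below-range <ver>" or "not-installed".
classify_openssh() {
    ver=$(openssh_version "$1")
    if [ -z "$ver" ]; then
        echo "not-installed"
    elif in_article_range "$ver"; then
        echo "in-range $ver"
    else
        echo "below-range $ver"
    fi
}

# Succeed when the workaround holds: unit not enabled and not running.
# $1 = output of `systemctl is-enabled sshd`, $2 = `systemctl is-active sshd`
# (the unit name sshd is an assumption).
workaround_in_place() {
    case "$1" in disabled|masked) ;; *) return 1 ;; esac
    [ "$2" = "inactive" ]
}

classify_openssh "$SAMPLE_RPM_OUTPUT"   # on the appliance: "$(rpm -qa | grep -i ssh)"
```

The classification reflects only the package version string, which is also what a version-based scanner reports.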