Vulnerability scanner is reporting a vulnerability with the OpenSSH package in Aria Operations for Logs

Article ID: 382210

Updated On:

Products

VCF Operations/Automation (formerly VMware Aria Suite)

Issue/Introduction

  • The vulnerability scanner reports that it discovered CVE-2023-38408: a condition where specific libraries loaded via ssh-agent(1)'s PKCS#11 support could be abused to achieve remote code execution via a forwarded agent socket, if the conditions mentioned here are met.
  • The vulnerability scanner also reports that it discovered CVE-2024-6387: a race condition that can lead sshd to handle some signals in an unsafe manner. An unauthenticated, remote attacker may be able to trigger it by failing to authenticate within a set time period.

Environment

Aria Operations for Logs 8.14 and later

Resolution

VMware by Broadcom is aware of CVE-2023-38408.
Please refer to the release notes for existing and forthcoming product releases for any updates in relation to this CVE.
Should you require further information, please contact Broadcom Support.

VMware by Broadcom is aware of CVE-2024-6387.
Please refer to the release notes for existing and forthcoming product releases for any updates in relation to this CVE.
Should you require further information, please contact Broadcom Support.