OpenSSH Vulnerabilities

Products

VMware Telco Cloud Automation VMware vCenter Server 8.0 VMware Telco Cloud Platform VMware Aria Suite VMware Integrated OpenStack

Issue/Introduction

Customer vulnerability scanners detects below OpenSSH vulnerabilities.

CVE-2023-51384 priority is medium (CVSS score between 4 and 7)

CVE-2023-51385 priority is medium (CVSS score between 4 and 7)

CVE-2019-16905, CVE-2020-15778 priority is High (CVSS score is above 7)

CVE-2023-48795, CVE-2020-14145, CVE-2018-20685, CVE-2019-6109, CVE-2019-6110, CVE-2019-6111, CVE-2018-15919, CVE-2016-20012 priority is medium (CVSS score between 4 and 7)

CVE-2025-26465 priority is medium (CVSS score between 4 and 7)

CVE-2025-23419 priority is medium (CVSS score 5)

Environment

VMware vCenter Sever 8.x

VROPs 8.18.1

VRO 8.18.1

vROPS remote collecter 8.18.

VRLI 8.18

TCA 3.2

Airgap 3.2

Harbor 2.6.x

VIO 7.x

Resolution

Below are the CVE details with the fix.

Product	Version	Relevant CVEs	Fix / Update Status	Notes
vCenter	8u3d	CVE-2023-51384, CVE-2023-51385	Fixed in vCenter 8.0 U3 update openssh-clients-8.9p1-8.ph4 CVE-2023-51385 is fixed and not present CVE-2023-51384 is fixed and not present	Fixed in vCenter 8.0 U3 update (e.g. 8u3d); Broadcom KB #370007 confirms updated Reference KB OpenSSH Vulnerabilities CVE-2023-51384 and CVE- 2023-51385
Airgap	3.2	CVE-2023-51384, CVE-2023-51385 CVE-2025-23419	Airgap openssh-8.9p1-8.ph4 CVE-2023-51385 is fixed and not present in TCA 3.2 Patch (3.2.0.1) CVE-2023-51384 is fixed and not present in TCA 3.2 Patch (3.2.0.1) CVE-2025-23419 This vulnerability, applies to nginx versions 1.11.4 through 1.27.3 when configured to use TLSv1.3 with session resumption enabled through ssl_session_cache or ssl_session_tickets.Although the Airgap Server (version 3.2.0.1) utilizes nginx 1.26.2, its default configuration enforces the use of TLSv1.2 rather than the affected TLSv1.3. As a result, Airgap 3.2 environment is not impacted by CVE-2025-23419, and no remediation is needed.You may verify the TLS version configured on the Airgap Server using the following commands:grep -i tls /etc/nginx/nginx.conf.Expected Output should be ssl_protocols TLSv1.2;	The photon used by broadcom is the patched photon version. Depending on the patched version, some of the vulnerabilities reported in higher ssh version are fixed in the lower ssh photon version.
TCA	3.2	CVE-2023-51384, CVE-2023-51385	In the TCA-M , ssh version is openssh-8.9p1-7.ph4 CVE-2023-51385 is fixed and not present in TCA 3.2 Patch (3.2.0.1) CVE-2023-51384 is fixed and not present in TCA 3.2 Patch (3.2.0.1) TCA-CP, openssh-8.9p1-7.ph4 CVE-2023-51385 is fixed and not present in TCA 3.2 Patch (3.2.0.1) CVE-2023-51384 is fixed and not present in TCA 3.2 Patch (3.2.0.1)
vR Orchestrator (VRO)	8.18.1	CVE-2023-51384, CVE-2023-51385	openssh-8.9p1-7.ph4.x86_64 CVE-2023-51385 is fixed and not present CVE-2023-51384 is fixed and not present
vROPS	8.18.1	CVE-2023-51384, CVE-2023-51385	openssh-8.9p1-7.ph4.x86_64 CVE-2023-51385 is fixed and not present CVE-2023-51384 is fixed and not present
vROPS remote collecter (8.18.)	8.18.1	CVE-2023-51384, CVE-2023-51385	openssh-9.3p2-10.ph5.x86_64 CVE-2023-51385 is fixed and not present CVE-2023-51384 is fixed and not present
vRLI	8.18	CVE-2023-51384, CVE-2023-51385	openssh-8.9p1-7.ph4.x86_64 CVE-2023-51385 is fixed and not present CVE-2023-51384 is fixed and not present
Harbor	2.6.3	CVE-2019-16905, CVE-2020-15778 CVE-2023-48795, CVE-2020-14145, CVE-2023-51385, CVE-2023-51384 CVE-2018-20685, CVE-2019-6109, CVE-2019-6110, CVE-2019-6111, CVE-2018-15919, CVE-2016-20012	Harbor version v2.6.3-1297af6c is vm shell and is not provided by VMware/ Broadcom. because of which the reported 2 vulnerabilities are not applicable. The newer supported versions of harbor are provided via CN solution, and these do not these vulnerabilities.	For the 2.6 version, Broadcom provides something like harbor-offline-installer-v2.6.X.tgz , this installer can be installed on any VM, so if your chosen VM's ssh gets outdated , the scanner would report it as vulnerable. For 2.6 Harbor , Broadcom only gives this installer ** and the outer shell is not controlled/managed by Broadcom. So a ssh update for the Harbor VM can get rid of the reported security vulnerabilities
Harbor	2.6	CVE-2025-26465	Harbor version v2.6 is vm shell and is not provided by VMware/ Broadcom. Users are typically downloading a Photon OS from public repositories and setting that up. VMWare/Broadcom do not need to provide workarounds / fixes for those. VMWare/Broadcom own Harbor 2.9 onwards (CNF method). Users are free to apply generic Linux recommendations for prior versions.	Issue was fixed on photon OS version 4. Users who deployed TCA version 3.2.0.1, need to execute "`tdnf update -y`" to update the system to fix the vulnerability
VMware Integrated Openstack	7.x	PHSA-2019-3.0-0003 CVE-2018-20685 PHSA-2019-3.0-0014 CVE-2019-6109, CVE-2019-6111 PHSA-2019-3.0-0017 CVE-2019-6110 PHSA-2023-3.0-0705 CVE-2023-51385	These issues with openssh will be addressed with openssh-7.8p1-18. If the package returned is less than openssh-7.8p1-18 (see Additional Information) run the following: `tdnf update openssh`	For CVE-2023-51384, it is not applicable to the openssh version 7.8p1 , This CVE is applicable in openssh version 8.9 and above. For CVE-2023-48795, please see OpenSSH vulnerability CVE-2023-48795

Additional Information

Run the following command to verify the version being used in the environment.

Login via root and output the full version of SSH in the Product via,

#rpm -qa | grep openssh

Then look at the patch version and compare it here

Photon OS Security Advisories

#rpm -qa | grep openssh