Security scanners report openssh 7.8p1 vulnerabilities for vLCR connectors


Article ID: 395851


Products

VMware Live Recovery

Issue/Introduction

Security scanners may report the following CVEs for VMware Live Cyber Recovery connectors running OpenSSH version 7.8p1:

CVE-2018-20685
CVE-2019-6109
CVE-2019-6110
CVE-2019-6111
CVE-2023-48795
CVE-2023-51384
CVE-2023-51385

Environment

VMware Live Cyber Recovery 7.27.x

Cause

This is a known issue, and VLCR engineering is aware of it.

Resolution

The OpenSSH version is expected to be updated in VLCR version 7.28.x.

As a workaround until the fix is available, manually disable SSH on the connectors:

1) Log in to the connector shell as admin (the password is available in the VLCR UI).

2) Enable the elevated root account. Refer to KB379853.

3) Log back in to the connector with the root account.

4) Run the following command to stop the SSH service:

# systemctl stop sshd.service

5) Run the following command to disable the service:

# systemctl disable sshd.service

6) To verify the service status, run the following command:

# systemctl status sshd.service
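
A check to run after step 6, as an added example that is not part of the original article: it confirms that sshd is stopped, will not start at boot, and that nothing is still listening on the SSH port. It assumes the default port 22 and that ss (iproute2) is present on the connector; the function names and the sample ss output are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the KB article): verify the sshd workaround.
# Assumes the default SSH port 22 and that `ss` (iproute2) is installed.

# Constructed sample of `ss -H -ltn` output, used only for illustration.
SAMPLE='LISTEN 0 128 0.0.0.0:22 0.0.0.0:*
LISTEN 0 128 [::]:22 [::]:*
LISTEN 0 100 127.0.0.1:8022 0.0.0.0:*'

# Read `ss -H -ltn` output on stdin and print local addresses bound to port $1.
# Field 4 is Local Address:Port; the port is whatever follows the last ':'.
listeners_on_port() {
    awk -v port="$1" '{ n = split($4, a, ":"); if (a[n] == port) print $4 }'
}

# Classify the result from three observations:
#   $1 output of `systemctl is-active sshd.service`
#   $2 output of `systemctl is-enabled sshd.service`
#   $3 listeners found on the SSH port (empty string when none)
# Returns 0 = OK, 1 = SSH still reachable, 2 = stopped but may return at boot.
workaround_status() {
    if [ "$1" = "active" ] || [ -n "$3" ]; then
        echo "FAIL: SSH still reachable (is-active=$1 listeners=$3)"
        return 1
    fi
    case "$2" in
        disabled|masked)
            echo "OK: sshd is stopped and will not start at boot" ;;
        *)
            echo "WARN: sshd is stopped but is-enabled=$2"
            return 2 ;;
    esac
}

# Gather the live values on the connector (run as root) and classify them.
check_connector() {
    active=$(systemctl is-active sshd.service 2>/dev/null) || true
    enabled=$(systemctl is-enabled sshd.service 2>/dev/null) || true
    listen=$(ss -H -ltn 2>/dev/null | listeners_on_port 22 | tr '\n' ' ')
    workaround_status "$active" "$enabled" "$listen"
}
```

Source the file on the connector and call check_connector as root. A FAIL with is-active=inactive means something other than sshd.service is still bound to port 22.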