Request whether these vulnerabilities affect PAM: CVE-2019-6110 and CVE-2019-6111, CVE-2020-15778, CVE-2023-48795, CVE-2023-51384, CVE-2023-51385, CVE-2023-51767, CVE-2025-32728

Article ID: 399793

Products

CA Privileged Access Manager (PAM)

Issue/Introduction

The customer sent a list of vulnerabilities and asked us to check whether PAM is affected by them.

Resolution

#1 Threat - QID-38915: 3 - Medium - OpenSSH OS Command Injection Vulnerability

The CVE corresponding to this QID is CVE-2023-51385. This is a client-side vulnerability.

When an ssh client uses an ssh_config in which ProxyCommand is configured for a target server with shell metacharacters, a person who controls that ProxyCommand configuration can run commands on the machine where the ssh client runs.

#2 Threat - QID-38947: 3 - Medium - OpenSSH Multiple Security Vulnerabilities

From a Google search I found that the following CVEs are related to this QID: CVE-2018-20685, CVE-2019-6109, CVE-2019-6110 and CVE-2019-6111.

All of these vulnerabilities are in the client, not in the server functionality.

#3 Threat - QID-38901: 3 - Medium - OpenSSH Command Injection Vulnerability

This QID relates to CVE-2020-15778. This vulnerability is in the scp functionality of the OpenSSH client; it allows a local scp client to execute commands on the remote server when a backtick is used as part of the file name.

This can be fixed only on the client side. PAM itself does not use the scp command.

#4 Threat - QID-38928: 3 - Medium - OpenSSH Incomplete Constraints Sensitive Information Disclosure Vulnerability

This QID relates to CVE-2023-51384. This vulnerability is in ssh-agent. We do not use ssh-agent for storing keys or for forwarding, so this issue does not impact PAM.

#5 Threat - QID-38968: 3 - Medium - OpenSSH Security Update (CVE-2025-26465)

This is a client-side vulnerability. It does not impact PAM.

#6 Threat - QID-38919: 3 - Medium - OpenSSH Authentication Bypass Vulnerability

This QID relates to CVE-2023-51767. PAM does not support password-based authentication; it uses only private key authentication, so this vulnerability does not impact PAM.

#7 Threat - QID-42395: 3 - Medium - Encrypted Management Interfaces Accessible On Cisco Device

This does not apply to PAM, as PAM is not a Cisco device.

#8 OpenSSH SSH Protocol Vulnerability (CVE-2023-48795)

This vulnerability is present in the chacha20-poly1305@openssh.com cipher and in the Encrypt-then-MAC (*-etm@openssh.com) MAC algorithms.

We do not use these algorithms.

#9 SHA1 deprecated setting for SSH

PAM does not use the SHA1 algorithm.

#10 OpenSSH Expected Behavior Violation Vulnerability (CVE-2025-32728)

The DisableForwarding directive in sshd (the OpenSSH server daemon) does not fully adhere to its documented functionality. Specifically, it fails to disable X11 forwarding and agent forwarding.

This vulnerability only has an impact if DisableForwarding is set to yes.

PAM is not impacted.
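The server-side statements in items #6, #8, #9 and #10 can be verified against the effective sshd configuration rather than against the config file, since `sshd -T` prints every keyword with the value the daemon actually uses. The following Python script is an added example, not code from this article or from the PAM product: it parses `sshd -T` output and reports whether password authentication is enabled (item #6), whether the Terrapin-affected algorithms are offered (chacha20-poly1305@openssh.com, or a CBC cipher combined with a *-etm@openssh.com MAC; item #8), whether any SHA-1 based MAC, key-exchange or signature algorithm remains (item #9), and whether X11 or agent forwarding is switched off only through DisableForwarding (item #10). The embedded sample configuration is constructed for illustration and is not taken from any PAM appliance; the function names are the example's own.

```python
"""Audit `sshd -T` output for the server-side items discussed above.

Added example. Feed it the output of `sshd -T` (effective configuration,
one lowercase keyword per line). The sample below is constructed.
"""
from __future__ import annotations

import sys

# Constructed sample of `sshd -T` output (not from a real PAM appliance).
SAMPLE_SSHD_T = """\
port 22
passwordauthentication no
pubkeyauthentication yes
disableforwarding yes
x11forwarding yes
allowagentforwarding yes
ciphers chacha20-poly1305@openssh.com,aes128-ctr,aes256-ctr,aes256-gcm@openssh.com
macs umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha1-etm@openssh.com,hmac-sha2-256,hmac-sha1
kexalgorithms curve25519-sha256,ecdh-sha2-nistp256,diffie-hellman-group14-sha1
hostkeyalgorithms ssh-ed25519,rsa-sha2-512,rsa-sha2-256,ssh-rsa
"""


def parse_sshd_t(text: str) -> dict[str, list[str]]:
    """Parse `sshd -T` output into {keyword: [values]}.

    Comma-separated algorithm lists are split into items; keywords that sshd
    prints on several lines (e.g. acceptenv) are accumulated.
    """
    cfg: dict[str, list[str]] = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.split(None, 1)
        key, value = parts[0].lower(), (parts[1] if len(parts) > 1 else "")
        cfg.setdefault(key, []).extend(v for v in value.split(",") if v)
    return cfg


def terrapin_exposure(cfg: dict[str, list[str]]) -> list[str]:
    """Offered algorithms that CVE-2023-48795 (Terrapin) targets.

    The attack needs chacha20-poly1305@openssh.com, or a CBC-mode cipher
    negotiated together with an Encrypt-then-MAC (*-etm@openssh.com) MAC.
    Strict key exchange on both peers also mitigates it, but `sshd -T` does
    not show that, so this check reports the algorithm names only.
    """
    ciphers = cfg.get("ciphers", [])
    macs = cfg.get("macs", [])
    exposed = [c for c in ciphers if c == "chacha20-poly1305@openssh.com"]
    if any("-cbc" in c for c in ciphers):
        exposed += [m for m in macs if m.endswith("-etm@openssh.com")]
    return exposed


def sha1_algorithms(cfg: dict[str, list[str]]) -> list[str]:
    """Offered MAC, key-exchange or signature algorithms that rely on SHA-1."""
    found = []
    for key in ("macs", "kexalgorithms", "hostkeyalgorithms",
                "pubkeyacceptedalgorithms"):
        for alg in cfg.get(key, []):
            # "ssh-rsa" as a *signature* algorithm means RSA with SHA-1;
            # rsa-sha2-256/512 are the SHA-2 variants of the same key type.
            if "sha1" in alg or alg in ("ssh-rsa", "ssh-rsa-cert-v01@openssh.com"):
                found.append(f"{key}:{alg}")
    return found


def password_auth_enabled(cfg: dict[str, list[str]]) -> bool:
    """True if the server accepts password authentication (sshd default: yes)."""
    return cfg.get("passwordauthentication", ["yes"])[0] == "yes"


def forwarding_gap(cfg: dict[str, list[str]]) -> list[str]:
    """Forwarding types that are turned off only by DisableForwarding.

    On versions affected by CVE-2025-32728, DisableForwarding yes leaves X11
    and agent forwarding enabled, so each should also be disabled explicitly.
    """
    if cfg.get("disableforwarding", ["no"])[0] != "yes":
        return []
    gaps = []
    if cfg.get("x11forwarding", ["no"])[0] == "yes":          # default: no
        gaps.append("X11Forwarding")
    if cfg.get("allowagentforwarding", ["yes"])[0] == "yes":  # default: yes
        gaps.append("AllowAgentForwarding")
    return gaps


def audit(text: str) -> dict[str, object]:
    """Run all checks over one `sshd -T` dump and return the findings."""
    cfg = parse_sshd_t(text)
    return {
        "terrapin": terrapin_exposure(cfg),
        "sha1": sha1_algorithms(cfg),
        "password_auth": password_auth_enabled(cfg),
        "forwarding_gap": forwarding_gap(cfg),
    }


if __name__ == "__main__":
    # Usage: sudo sshd -T > effective.conf && python3 audit_sshd.py effective.conf
    source = open(sys.argv[1]).read() if len(sys.argv) > 1 else SAMPLE_SSHD_T
    for name, result in audit(source).items():
        print(f"{name}: {result}")
```

An empty list for `terrapin`, `sha1` and `forwarding_gap` together with `password_auth: False` is the state the article describes for PAM; anything else names the exact keyword and algorithm to remove. Because `sshd -T` expands defaults, a server that never sets `Ciphers` or `MACs` is still audited against what it really offers.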