Aria Operations for Networks 6.14 Showing Vulnerabilities for OpenSSH CVE-2024-6387
search cancel

Aria Operations for Networks 6.14 Showing Vulnerabilities for OpenSSH CVE-2024-6387

book

Article ID: 406904

calendar_today

Updated On:

Products

VCF Operations for Networks

Issue/Introduction

Aria Operations for Networks 6.14 Showing Vulnerabilities for  OpenSSH CVE-2024-6387

Security Scanner has found an OpenSSH vulnerability on our VMware Aria Operations for Networks appliances

Environment

Aria Operations for Networks 6.14.0

Cause

Aria Operations for Networks 6.14.0 is not affected by OpenSSH CVE-2024-6387

Resolution

To Validate if OpenSSH CVE-2024-6387 is affected on Version 6.14.0, execute below commands:

  1. Open a SSH/Putty session to Aria Operations for Networks appliance.

  2. Login with username support.

  3. Execute below commands
    ub
sudo dpkg -l | grep openssh
  4. If you see outputs as below, then Aria Operations for Networks is not affected.
    ubuntu@aria-networks-platform:~$ sudo dpkg -l | grep openssh
ii  openssh-client                        1:8.9p1-3ubuntu0.10                     amd64        secure shell (SSH) client, for secure access to remote machines
ii  openssh-server                        1:8.9p1-3ubuntu0.10                     amd64        secure shell (SSH) server, for secure access from remote machines
ii  openssh-sftp-server                   1:8.9p1-3ubuntu0.10                     amd64        secure shell (SSH) sftp server module, for SFTP access from remote machines
ubuntu@aria-networks-platform:~$
  5. Internal Scanner used is showing False Positive.

  6. Work with your Security team to create an exception on the Security Vulnerability scanner.

       

Additional Information

This issue is fixed with Fixed 1:8.9p1-3ubuntu0.10

Refer to https://ubuntu.com/security/cve-2024-6387

 

Powered by Wolken Software