OpenSSH Vulnerabilities for VCD [CVE-2024-6387, CVE-2023-28531, CVE-2023-51384, CVE-2023-38408, CVE-2023-51385]


Article ID: 412532


Products

VMware Cloud Director

Issue/Introduction

The following OpenSSH vulnerabilities have been reported for VMware Cloud Director (VCD):

  • OpenSSH Remote Unauthenticated Code Execution Vulnerability (regreSSHion) (CVE-2024-6387)
  • OpenSSH Sensitive Information Disclosure Vulnerability (CVE-2023-28531)
  • OpenSSH Incomplete Constrains Sensitive Information Disclosure Vulnerability (CVE-2023-51384)
  • OpenSSH Remote Code Execution (RCE) Vulnerability in its forwarded ssh-agent (CVE-2023-38408)
  • OpenSSH OS Command Injection Vulnerability (CVE-2023-51385)

Environment

  • VMware Cloud Director 10.6.1
  • Photon OS 4

Resolution

Check OpenSSH Version:

  • Verify the installed OpenSSH versions with: rpm -qa | grep -i openssh
  • Ensure that OpenSSH 8.9p1-8.ph4 (or a later version) is installed

If OpenSSH 8.9p1-8.ph4 is installed, then no action is needed as the above vulnerabilities have been resolved in this version.
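
The version check above can be scripted so that every OpenSSH package is compared against 8.9p1-8.ph4 with the release number included, since the fix is identified by the package release rather than the upstream 8.9p1 version alone. This is an added example, not part of the original article; the function names, the constructed sample package lines and the use of sort -V as a stand-in for RPM's own version ordering are assumptions.

```shell
#!/bin/sh
FLOOR="8.9p1-8.ph4"   # fixed version-release stated in the article

# Constructed sample of `rpm -qa` lines (name-version-release.arch); not real output.
sample_rpm_qa() {
    printf '%s\n' \
        'openssh-8.9p1-8.ph4.x86_64' \
        'openssh-clients-8.9p1-10.ph4.x86_64' \
        'openssh-server-8.9p1-7.ph4.x86_64' \
        'openssl-3.0.0-1.ph4.x86_64'
}

# Reduce "name-version-release.arch" to "version-release".
# Assumption: the architecture suffix is one of the three listed here.
nvr_to_vr() {
    printf '%s\n' "$1" |
        sed -E 's/\.(x86_64|aarch64|noarch)$//; s/^.*-([^-]+-[^-]+)$/\1/'
}

# Return 0 when version-release $1 is at or above $2.
# Assumption: GNU `sort -V` ordering approximates rpm's comparison closely
# enough for these strings (it orders release 10 after release 8).
vr_at_least() {
    [ "$(printf '%s\n%s\n' "$1" "$2" | sort -V | head -n 1)" = "$2" ]
}

# Read `rpm -qa` output on stdin, print a verdict for each OpenSSH package,
# and return non-zero if any of them is below the floor.
audit_openssh() {
    rc=0
    while IFS= read -r pkg; do
        case "$pkg" in openssh*) ;; *) continue ;; esac   # skips openssl etc.
        vr=$(nvr_to_vr "$pkg")
        if vr_at_least "$vr" "$FLOOR"; then
            echo "OK       $pkg"
        else
            echo "OUTDATED $pkg (needs $FLOOR or later)"
            rc=1
        fi
    done
    return $rc
}

# On an appliance, feed it the real package list:  rpm -qa | audit_openssh
# Stand-alone demonstration on the constructed sample:
sample_rpm_qa | audit_openssh || echo "At least one OpenSSH package is below $FLOOR"
```

A non-zero exit status from audit_openssh means at least one OpenSSH package is older than the fixed build, which makes the function usable as a gate in a compliance or patch-verification job.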