OpenSSH Sensitive Information Disclosure Vulnerability - CVE-2023-28531


Article ID: 422924


Updated On:

Products

VMware NSX

Issue/Introduction

A security scanner reports NSX Manager as vulnerable to the following CVE:

  • CVE-2023-28531

Environment

VMware NSX

Cause

OpenSSH versions 8.9 and later, prior to 9.3, are impacted by this vulnerability.

Resolution

  • From the vCenter server, open the web console of one of the three NSX Managers and log in as the admin user.


  • To verify the version of OpenSSH on your appliance, run the following command from the root CLI:

apt list openssh-server

  • NSX 4.2.0 uses OpenSSH version 1:8.9p1-3ubuntu0.11, and CVE-2023-28531 indicates this vulnerability is patched in version 1:8.9p1-3ubuntu0.5.
  • Not Applicable to NSX. Smartcard-based authentication for SSH is not enabled. The common cases of non-smartcard keys and keys without destination constraints are unaffected.

Additional Information

Security Advisory: For more details on the CVE and associated fixes, refer to the OpenSSH Security Advisory