CVE-2021-28041 SSH Vulnerability

 

Information

 

Summary:

CVE-2021-28041 started showing up on vulnerability scans.

Environment:

Product: LoadMaster

Version: Any

Platform: Any

Application: Any

Question/Problem Description:

CVE-2021-28041 recently started showing up on an internal vulnerability scan. Was curious if there was a code update that has OpenSSH 8.5 or later included or if I can disable it?

Steps to Reproduce:  
Error Message:  
Defect Number:  
Enhancement Number:  
Cause:  
Resolution:
  • The LoadMaster is not vulnerable to this SSH vulnerability.
  • Root access on the LoadMaster can only be obtained through the xroot user with a temporary password, and the only user accounts on the LoadMaster are bal and any custom users created for SSH access.
Workaround: You can also disable SSH access to the LoadMaster: under Certificates & Security > Remote Access, uncheck Allow Remote SSH Access.
Notes:  
