Kemp Support, how can we help?

The latest application delivery knowledge and expertise at your fingertips.

Vulnerability CVE-2023-38408

 

Information

 

Summary:

Details about vulnerability CVE-2023-38408.

Environment:

Product: Flowmon OS

Version: Any

Platform: Any

Question/Problem Description:

Is the Flowmon OS affected by vulnerability CVE-2023-38408?

Steps to Reproduce:  
Error Message:  
Defect Number:  
Enhancement Number:  
Cause:  
Resolution: Remote exploitation required that a user establishes an SSH connection to a compromised or malicious SSH server with agent forwarding enabled. The agent forwarding is disabled by default.
 
Flowmon OS has agent forwarding disabled so it is not vulnerable. Can be checked with:
grep -Ri "ForwardAgent" /etc/ssh/

Expected output:

/etc/ssh/ssh_config:#   ForwardAgent no

The OpenSSH package has been updated since FOS 12.2.6.

Workaround:  
Notes:

https://access.redhat.com/security/cve/cve-2023-38408

https://access.redhat.com/errata/RHSA-2023:4382


Was this article helpful?
0 out of 0 found this helpful

Comments