- 09 Jan 2023
- 1 Minute to read
- Print
- DarkLight
- PDF
Is Netreo affected by any of the known SSH vulnerabilities?
- Updated on 09 Jan 2023
- 1 Minute to read
- Print
- DarkLight
- PDF
Netreo uses the OpenSSH networking utilities suite. In practice, the following vulnerabilities are not exploitable in Netreo. Additionally, users can disable SSH shell access entirely using the Netreo system preferences if they would like to eliminate these results from their vulnerability scans entirely.
CVE-2016-10009
CVE-2016-10010
These are not exploitable as they have to do with port forwarding, which is disabled in Netreo’s SSH implementation.
CVE-2016-10011
CVE-2016-10012
These are local user privilege escalation issues that are not exploitable as they require local shell access, which Netreo does not provide to any user.
CVE-2016-8858
This is a disputed CVE. OpenSSH does not consider it a vulnerability and therefore it is not fixed. The worst case scenario in any case is a local DOS of the SSH process which is resource limited.