Login
    Contents x
    Is Netreo Vulnerable to the CVE-2024-3094 xz Utils backdoor vulnerability?
    • 01 Apr 2024
    • 1 Minute to read
    • Print
    • Dark
      Light
    • PDF
    Contents

    Is Netreo Vulnerable to the CVE-2024-3094 xz Utils backdoor vulnerability?

    • Updated on 01 Apr 2024
    • 1 Minute to read
    • Print
    • Dark
      Light
    • PDF
    Article Summary

    Short Answer
    No. Netreo is NOT vulnerable to this exploit.

    On Friday, March 29, 2024, it was announced that researchers had discovered a vulnerability in widely used Linux distributions. Specifically within the liblzma data compression library (xz Utils versions 5.6.0 and 5.6.1). This vulnerability could be exploited to compromise OpenSSH and allow an attacker to remotely access unauthorized systems. This exploit has been catalogued as CVE-2024-3094.

    We have confirmed that Netreo systems do not use the affected versions of xz Utils, so it is not vulnerable. Additionally, Netreo does not expose OpenSSH to the public internet on networks under its control, which is necessary for an external attacker to exploit vulnerable instances.

    If you have any concerns, please feel free to contact Netreo Support.

    Was this article helpful?
    What's Next
    PLATFORM
    WHY NETREO?
    SOLUTIONS BY INITIATIVE
    SOLUTIONS BY INDUSTRY
    SOLUTIONS BY JOB FUNCTION
    Change password!
    Changing your password will log you out immediately. Use the new password to log back in.
    Change profile
    Success!
    First name must have atleast 2 characters. Numbers and special characters are not allowed.
    Last name must have atleast 1 characters. Numbers and special characters are not allowed.
    Enter a valid email
    Enter a valid password
    Your profile has been successfully updated.
    Logout