Login
    Contents x
    Is Netreo affected by any of the known SSH vulnerabilities?
    • 09 Jan 2023
    • 1 Minute to read
    • Print
    • Dark
      Light
    • PDF
    Contents

    Is Netreo affected by any of the known SSH vulnerabilities?

    • Updated on 09 Jan 2023
    • 1 Minute to read
    • Print
    • Dark
      Light
    • PDF
    Article Summary

    Short Answer
    No. Netreo is NOT vulnerable to any of these exploits.

    Netreo uses the OpenSSH networking utilities suite. In practice, the following vulnerabilities are not exploitable in Netreo. Additionally, users can disable SSH shell access entirely using the Netreo system preferences if they would like to eliminate these results from their vulnerability scans entirely.

    CVE-2016-10009
    CVE-2016-10010
    These are not exploitable as they have to do with port forwarding, which is disabled in Netreo’s SSH implementation.

    CVE-2016-10011
    CVE-2016-10012
    These are local user privilege escalation issues that are not exploitable as they require local shell access, which Netreo does not provide to any user.

    CVE-2016-8858
    This is a disputed CVE. OpenSSH does not consider it a vulnerability and therefore it is not fixed. The worst case scenario in any case is a local DOS of the SSH process which is resource limited.

    Was this article helpful?
    What's Next
    PLATFORM
    WHY NETREO?
    SOLUTIONS BY INITIATIVE
    SOLUTIONS BY INDUSTRY
    SOLUTIONS BY JOB FUNCTION
    Change password!
    Changing your password will log you out immediately. Use the new password to log back in.
    Change profile
    Success!
    First name must have atleast 2 characters. Numbers and special characters are not allowed.
    Last name must have atleast 1 characters. Numbers and special characters are not allowed.
    Enter a valid email
    Enter a valid password
    Your profile has been successfully updated.
    Logout