CVE-2023-28531
I am using Netgear Armor. It periodically scans my Firewalla Gold. I keep getting the following CVEs for OpenSSH 7.6 p1:
CVE-2023-28531
CVE-2008-3844
I've got internal client access to SSH turned off, so I should be OK. I would like to know if these CVEs have been addressed.
-Nelson
I don't really trust Netgear for anything security-related. Having said that...
CVE-2008-3844 applies to Red Hat Enterprise Linux from years ago. I don't see that it would apply to a modern Ubuntu system.
CVE-2023-28531 only applies if you're logged in to the Firewalla system via SSH or on the console and you use SSH to connect from there to another system. It's a problem with missing destination constraints when using smartcard keys. Unless you're doing abnormal things from the CLI of your firewall, I don't see that this one applies. I know that I personally wouldn't try to set up a smartcard key with ssh-agent on my Firewalla. I don't use my firewall systems as desktops either.