Jump to content

What about "CVE-2023-38408"?


Recommended Posts

 OpenSSH released an update regarding a vulnerability, identified as "CVE-2023-38408". All Open Source OpenSSH < 9.3p2 are affected. The last NetScaler firmware 13.1-49.13 has integrated OpenSSH_8.6p1-FIPS, OpenSSL 1.0.2zd-fips 15 Mar 2022. So these releases are also affected. For this reason must the NetScaler be updated? If yes, when will the update be available?

Best regards

Holger Schleife

Link to comment
Share on other sites

  • 2 months later...

Here is the answer from the Cloud Software Response Team:

Cloud Software Group is aware of the vulnerability (CVE-2023-38408) that impacts OpenSSH. Based on the investigation of the vulnerability, Cloud Software Group has determined that the NetScaler appliance is impacted by the vulnerability only if the appliance is configured as an ssh-agent.

Best regards

Holger

Link to comment
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
×
×
  • Create New...