Important note about SSL VPN compatibility for 20.0 MR1 with EoL SFOS versions and UTM9 OS. Learn more in the release notes.

This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Critical OpenSSH Vulnerability (CVE-2024-6387)

Hello,

please provide information about XG(S) firewalls are affected somehow?

https://www.sophos.com/en-us/security-advisories does not provide anything about it.

Thanks,
Fred12



This thread was automatically locked due to age.
Parents Reply
  • Hello,

    Running the "sshd -v" command while connected to a firewall running SFOS v20 outputs this:

    XGS126_XN02_SFOS 20.0.0 GA-Build222# sshd -v
    2024-07-04 12:14:51Z unknown option -- v
    OpenSSH , OpenSSL 1.1.1q 5 Jul 2022
    usage: sshd [-46DdeiqTt] [-C connection_spec] [-c host_cert_file]
    [-E log_file] [-f config_file] [-g login_grace_time]
    [-h host_key_file] [-o option] [-p port] [-u len]
    XGS126_XN02_SFOS 20.0.0 GA-Build222#

    Now I know that 1.1.1q is the version of OpenSSL but still, it was released back in 2022. It wouldn't be to far fetched to assume that OpenSSH also is running a version from 2022?

    Assuming that the build of OpenSSH used in SFOS is vanilla and since all version since 2020 are vulnerable, that would make SFOS's OpenSSH version also vulnerable wouldn't it?

    Thank you

Children