Assiamour_
New Contributor II

FortiAnalyzer Critical Vulnerability CVE-2023-28531 OpenSSH

Our Tenable is detecting that our FortiAnalyzer VM is using a vulnerable version of OpenSSH ("The version of OpenSSH installed on the remote host is prior to 9.3") and that we should upgrade to 9.3 or later.

Is there any patch for that?


AEK
SuperUser

Which FAZ version? 

Assiamour_
New Contributor II

The FAZ is running on the latest version: v7.4.2-build2397

AEK

Can you try to exploit the vulnerability?

The idea behind this is that I think it is possible that the OpenSSH version on your FAZ is a modified version (by Fortinet).

jasonhong
Staff

FortiAnalyzer is not considered vulnerable to CVE-2023-28531 because it does not use ssh-add, nor smartcard, nor ssh-agent.
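
As an added example (not part of the thread and not Fortinet's or Tenable's code), the triage below shows why a banner-only finding for CVE-2023-28531 still needs an applicability check: it parses the SSH identification string, tests the version against the affected range (8.9 up to 9.3, per the NVD entry), and then checks whether the prerequisites named in the reply above are in use. The `Finding` record, host names and banners are constructed assumptions.

```python
import re
from dataclasses import dataclass, field

# Affected range per the NVD entry for CVE-2023-28531: 8.9 up to, not including, 9.3.
FIRST_AFFECTED, FIRST_FIXED = (8, 9), (9, 3)
# Prerequisites named in the reply above; the flaw needs all of them in use.
PREREQUISITES = {"ssh-add", "ssh-agent", "smartcard keys"}
BANNER_RE = re.compile(r"^SSH-\d+\.\d+-OpenSSH_(\d+)\.(\d+)")

@dataclass
class Finding:  # hypothetical record for one scanner hit
    host: str
    banner: str  # SSH identification string the scanner read
    in_use: set = field(default_factory=set)  # prerequisites confirmed in use

def openssh_version(banner):
    """Return (major, minor) from an OpenSSH banner, or None if it is not one."""
    m = BANNER_RE.match(banner.strip())
    return (int(m.group(1)), int(m.group(2))) if m else None

def triage(finding):
    version = openssh_version(finding.banner)
    if version is None:
        return "review: banner does not identify an OpenSSH version"
    # The banner version does not reveal vendor backports or modifications.
    if not (FIRST_AFFECTED <= version < FIRST_FIXED):
        return "not affected: version outside 8.9-9.2"
    missing = PREREQUISITES - finding.in_use
    if missing:
        return "not applicable: " + ", ".join(sorted(missing)) + " not in use"
    return "affected: upgrade to OpenSSH 9.3 or later"

# Constructed sample findings (not taken from the thread).
SAMPLES = [
    Finding("appliance-01", "SSH-2.0-OpenSSH_9.2"),
    Finding("jump-host-01", "SSH-2.0-OpenSSH_9.2p1 Debian-2", set(PREREQUISITES)),
    Finding("legacy-01", "SSH-2.0-OpenSSH_8.4p1"),
    Finding("router-01", "SSH-2.0-dropbear_2022.83"),
]

if __name__ == "__main__":
    for f in SAMPLES:
        print(f"{f.host}: {triage(f)}")
```

The `in_use` set has to come from the vendor's statement or a host inventory; a network scan that only reads the banner cannot populate it.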

Assiamour_

Thank you for your answer. 

mpg1
New Contributor

Is it the same situation for FortiManager (v6.4.14-build2660 240206 (GA))?

Thanks.
