Fortianalyzer Critical Vulnerability CVE-2023-28531 OpenSSH

Assiamour_ · ‎04-02-2024

Our tenable is detecting that our Fortianalyzer VM is using a vulnerable version of openSSH " The version of OpenSSH installed on the remote host is prior to 9.3 " and we should upgrade to a 9.3 or later.

is there any patch for that?

jasonhong · ‎04-02-2024

FortiAnalyzer is not considered vulnerable to CVE-2023-28531 because it does not use ssh-add, nor smartcard, nor ssh-agent.

View solution in original post

AEK · ‎04-02-2024

Which FAZ version?

AEK

Assiamour_ · ‎04-02-2024

the Faz is running on the latest version: v7.4.2-build2397

AEK · ‎04-02-2024

Can you try exploit the vulnerability?

The idea behind is, I think it is possible that the OpenSSH version on your FAZ is a modified version (by Fortinet).

AEK

jasonhong · ‎04-02-2024

FortiAnalyzer is not considered vulnerable to CVE-2023-28531 because it does not use ssh-add, nor smartcard, nor ssh-agent.

Assiamour_ · ‎04-03-2024

Thank you for your answer.

mpg1 · ‎05-03-2024

Is the same situation for FortiManager (v6.4.14-build2660 240206 (GA))?

Thanks.

Fortianalyzer Critical Vulnerability CVE-2023-28531 OpenSSH

Nominate a Forum Post for Knowledge Article Creation

You are leaving our website