Created on 04-02-2024 09:30 AM Edited on 04-02-2024 09:30 AM
Our tenable is detecting that our Fortianalyzer VM is using a vulnerable version of openSSH " The version of OpenSSH installed on the remote host is prior to 9.3 " and we should upgrade to a 9.3 or later.
is there any patch for that?
Solved! Go to Solution.
Created on 04-02-2024 05:15 PM
FortiAnalyzer is not considered vulnerable to CVE-2023-28531 because it does not use ssh-add, nor smartcard, nor ssh-agent.
View solution in original post
Created on 04-02-2024 09:42 AM Edited on 04-02-2024 11:12 AM
Which FAZ version?
Created on 04-02-2024 09:53 AM
the Faz is running on the latest version: v7.4.2-build2397
Created on 04-02-2024 11:13 AM Edited on 04-02-2024 11:17 AM
Can you try exploit the vulnerability?
The idea behind is, I think it is possible that the OpenSSH version on your FAZ is a modified version (by Fortinet).
Created on 04-03-2024 04:38 AM
Thank you for your answer.
Created on 05-03-2024 02:30 AM
Is the same situation for FortiManager (v6.4.14-build2660 240206 (GA))?
Thanks.
Select Forum Responses to become Knowledge Articles!
Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.
