1. Home
  2. Is Netreo affected by any of the known SSH vulnerabilities?

Is Netreo affected by any of the known SSH vulnerabilities?

Short Answer

Netreo is NOT vulnerable to any of these exploits.

Netreo uses the OpenSSH networking utilities suite. In practice, the following vulnerabilities are not exploitable in Netreo. Additionally, users can disable SSH shell access entirely using the Netreo system preferences if they would like to eliminate these results from their vulnerability scans entirely.

CVE-2016-10009
CVE-2016-10010
These are not exploitable as they have to do with port forwarding, which is disabled in Netreo’s SSH implementation.

CVE-2016-10011
CVE-2016-10012
These are local user privilege escalation issues that are not exploitable as they require local shell access, which Netreo does not provide to any user.

CVE-2016-8858
This is a disputed CVE. OpenSSH does not consider it a vulnerability and therefore it is not fixed. The worst case scenario in any case is a local DOS of the SSH process which is resource limited.