• Is OmniCenter affected by any of the known SSH vulnerabilities?

    OmniCenter uses the OpenSSH networking utilities suite. In practice, the following vulnerabilities are not exploitable in OmniCenter. Additionally, users can disable SSH shell access entirely using the OmniCenter system preferences if they would like to eliminate these results from their vulnerability scans entirely. CVE-2016-10009CVE-2016-10010These are not exploitable as they have…

  • Is OmniCenter affected by the DHCP Command injection vulnerability?

    Short Answer OmniCenter is NOT vulnerable to this exploit. Updated: 17 May 2018 In May 2018, A command injection flaw was found in the NetworkManager integration script included in the DHCP client packages in CentOS, Fedora, and Red Hat Enterprise Linux. This exploit was cataloged as CVE-2018-1111. Netreo has evaluated this vulnerability and…

  • Is OmniCenter affected by the Intel Meltdown/Spectre kernel memory vulnerabilities?

    Short Answer OmniCenter is NOT vulnerable to this exploit. Updated: 8 January 2018 In January 2018, a vulnerability was discovered in all versions of the Intel X86-64 processor architecture that can cause arbitrary memory leakage, possibly including code execution or the dissemination of critical protected information (such as passwords) contained…

  • Is OmniCenter vulnerable to the SambaCry exploit?

    Short Answer OmniCenter does not expose any writable file shares, and therefore IS NOT, and HAS NEVER BEEN, vulnerable to this exploit. In May 2017, Samba.org announced the existence of CVE-2017-7494) (also known as the SambaCry bug), which is a serious vulnerability in the Samba open-source file sharing SMB library. This weakness allows…

  • Is OmniCenter vulnerable to the Intel AMT/ISM exploit?

    Short Answer OmniCenter is NOT vulnerable to this exploit. In May 2017, security vulnerability CVE-2017-5689 was disclosed that affects Intel-based hardware systems running Intel Active Management Technology (AMT), Intel Standard Manageability (ISM), and Intel Small Business Technology (SBT). Exploiting this vulnerability means that an unprivileged local attacker could provision manageability features gaining…

  • Is OmniCenter vulnerable to the Venom exploit?

    Short Answer OmniCenter is NOT vulnerable to this exploit. In May 2015, security vulnerability CVE-2015-3456 (also known as Venom) was disclosed that affects Xen and KVM virtualized host systems. This vulnerability allows an attacker who controls a virtual machine on the host system to compromise other virtual machines by using a flaw…

  • Is OmniCenter vulnerable to the Ghost exploit?

    Short Answer Based on our testing and research, we believe that OmniCenter is NOT vulnerable to this exploit at this time. In January 2015, Qualys announced the existence of security vulnerability CVE-2015-0235 (also known as Ghost) in one of the underlying libraries that is used in almost all Linux-based operating systems. This…

  • Is OmniCenter vulnerable to the ShellShock BASH exploit?

    Short Answer OmniCenter is NOT vulnerable to this exploit. In September 2014, the vulnerability CVE-2014-6271 (also known as Shellshock) was discovered in the BASH operating system shell used in most or all versions of Linux (as well as Mac OS X). Netreo evaluated this vulnerability and determined that our products are NOT…

  • Is OmniCenter vulnerable to the Heartbleed bug in OpenSSL?

    Short Answer The version of OpenSSL that OmniCenter uses IS NOT, and HAS NEVER BEEN, vulnerable to this exploit. In April 2014, OpenSSL announced the existence of the CVE-2014-0160 bug (also known as Heartbleed) which is a serious vulnerability in the popular OpenSSL cryptographic software library. This weakness allows stealing the information protected,…