This article provides information on how to mitigate the CVE-2023-28531 vulnerability.
→ Applies to: SynetoOS 4.x
Vulnerability description
ssh-add in OpenSSH before 9.3 adds smartcard keys to ssh-agent without the intended per-hop destination constraints. The earliest affected version is 8.9.
SOURCES
NIST (https://nvd.nist.gov/vuln/detail/CVE-2023-28531)
Mitigation
This CVE has NO impact on SynetoOS, as the exploitable feature is not present.
Version check
Step 1. Connect to the SynetoOS appliance via SSH as admin
ssh admin@<your_ip_address_or_hostname>
Step 2 (optional). Change into Solaris shell (in case you're directed to an unsupported shell)
un sh
Step 3. Get root privileges
sudo su -
Step 4. Display the version of SSH on the system
ssh -V
EXAMPLE OUTPUT
root@syneto-esxi-s2:/var/storage/support# ssh -V
OpenSSH_8.0p1, OpenSSL 1.1.1d 10 Sep 2019
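To turn the version check above into a yes/no answer, the following added example (not part of the original article or of SynetoOS) classifies an `ssh -V` banner against the range given in the vulnerability description: 8.9 up to, but not including, 9.3. The function names are hypothetical; the sample banner is the example output shown above.

```shell
#!/bin/sh
# Added example: compare an OpenSSH banner with the CVE-2023-28531 range
# stated in this article (earliest affected 8.9, fixed in 9.3).

# Print "MAJOR MINOR" for a banner such as
# "OpenSSH_8.0p1, OpenSSL 1.1.1d 10 Sep 2019"; print nothing if unparsable.
openssh_version() {
    printf '%s\n' "$1" |
        sed -n 's/^OpenSSH_[^0-9]*\([0-9][0-9]*\)\.\([0-9][0-9]*\).*/\1 \2/p' |
        head -n 1
}

# Print "affected", "not-affected" or "unknown" for the given banner.
cve_2023_28531_status() {
    ver=$(openssh_version "$1")
    [ -n "$ver" ] || { echo unknown; return 0; }
    set -- $ver                      # split "MAJOR MINOR" into $1 and $2
    n=$(( $1 * 1000 + $2 ))          # 8.9 -> 8009, 9.3 -> 9003
    if [ "$n" -ge 8009 ] && [ "$n" -lt 9003 ]; then
        echo affected
    else
        echo not-affected
    fi
}

# Check the locally installed client. ssh -V writes its banner to stderr,
# so stderr must be redirected to capture it.
check_local_ssh() {
    cve_2023_28531_status "$(ssh -V 2>&1)"
}

# Banner from the example output in this article.
SAMPLE_BANNER='OpenSSH_8.0p1, OpenSSL 1.1.1d 10 Sep 2019'
echo "sample banner: $(cve_2023_28531_status "$SAMPLE_BANNER")"
```

Call `check_local_ssh` on the appliance after Step 3 to classify the installed version. The comparison uses the upstream version number only, so a vendor build that backports the fix without changing its version string would still be reported as affected.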