Test ID:	1.3.6.1.4.1.25623.1.0.153514
Category:	General
Title:	QNAP QTS Multiple OpenSSH Vulnerabilities (QSA-24-37)
Summary:	QNAP QTS is prone to multiple vulnerabilities in OpenSSH.
Description:	Summary: QNAP QTS is prone to multiple vulnerabilities in OpenSSH. Vulnerability Insight: Multiple vulnerabilities have been reported in OpenSSH. The vulnerabilities have been found to affect certain QNAP operating system versions. Affected Software/OS: QNAP QTS version 5.1.x prior to 5.1.8.2823 build 20240712. Solution: Update to version 5.1.8.2823 build 20240712 or later. CVSS Score: 4.4 CVSS Vector: AV:L/AC:M/Au:N/C:P/I:P/A:P
Cross-Ref:	Common Vulnerability Exposure (CVE) ID: CVE-2020-14145 https://security.gentoo.org/glsa/202105-35 https://anongit.mindrot.org/openssh.git/commit/?id=b3855ff053f5078ec3d3c653cdaedefaa5fc362d https://docs.ssh-mitm.at/CVE-2020-14145.html https://github.com/openssh/openssh-portable/compare/V_8_3_P1...V_8_4_P1 https://github.com/ssh-mitm/ssh-mitm/blob/master/ssh_proxy_server/plugins/session/cve202014145.py https://www.fzi.de/en/news/news/detail-en/artikel/fsa-2020-2-ausnutzung-eines-informationslecks-fuer-gezielte-mitm-angriffe-auf-ssh-clients/ http://www.openwall.com/lists/oss-security/2020/12/02/1 Common Vulnerability Exposure (CVE) ID: CVE-2021-41617 https://bugzilla.suse.com/show_bug.cgi?id=1190975 https://security.netapp.com/advisory/ntap-20211014-0004/ Debian Security Information: DSA-5586 (Google Search) https://www.debian.org/security/2023/dsa-5586 https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6XJIONMHMKZDTMH6BQR5TNLF2WDCGWED/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/W44V2PFQH5YLRN6ZJTVRKAD7CU6CYYET/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KVI7RWM2JLNMWTOFK6BDUSGNOIPZYPUT/ https://www.starwindsoftware.com/security/sw-20220805-0001/ https://www.tenable.com/plugins/nessus/154174 https://www.openssh.com/security.html https://www.openssh.com/txt/release-8.8 https://www.openwall.com/lists/oss-security/2021/09/26/1 https://www.oracle.com/security-alerts/cpuapr2022.html https://www.oracle.com/security-alerts/cpujul2022.html https://lists.debian.org/debian-lts-announce/2023/12/msg00017.html Common Vulnerability Exposure (CVE) ID: CVE-2023-38408 https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CEBTJJINE2I3FHAUKKNQWMFGYMLSMWKQ/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RAXVQS6ZYTULFAK3TEJHRLKZALJS3AOU/ https://security.gentoo.org/glsa/202307-01 http://packetstormsecurity.com/files/173661/OpenSSH-Forwarded-SSH-Agent-Remote-Code-Execution.html https://blog.qualys.com/vulnerabilities-threat-research/2023/07/19/cve-2023-38408-remote-code-execution-in-opensshs-forwarded-ssh-agent https://github.com/openbsd/src/commit/7bc29a9d5cd697290aa056e94ecee6253d3425f8 https://github.com/openbsd/src/commit/f03a4faa55c4ce0818324701dadbf91988d7351d https://github.com/openbsd/src/commit/f8f5a6b003981bb824329dc987d101977beda7ca https://news.ycombinator.com/item?id=36790196 https://www.qualys.com/2023/07/19/cve-2023-38408/rce-openssh-forwarded-ssh-agent.txt https://www.vicarius.io/vsociety/posts/exploring-opensshs-agent-forwarding-rce-cve-2023-38408 https://lists.debian.org/debian-lts-announce/2023/08/msg00021.html http://www.openwall.com/lists/oss-security/2023/07/20/1 http://www.openwall.com/lists/oss-security/2023/07/20/2 http://www.openwall.com/lists/oss-security/2023/09/22/11 http://www.openwall.com/lists/oss-security/2023/09/22/9
Copyright	Copyright (C) 2024 Greenbone AG

This is only one of 145615 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below.