This is the latest documentation for BMC Helix Network Management (formerly known as Netreo).

 

Is Netreo Vulnerable to the CVE-2024-3094 xz Utils backdoor vulnerability?


Short Answer

No. Netreo is NOT vulnerable to this exploit.

On Friday, March 29, 2024, it was announced that researchers had discovered a vulnerability in widely used Linux distributions, specifically within the liblzma data compression library (xz Utils versions 5.6.0 and 5.6.1). This vulnerability could be exploited to compromise OpenSSH and allow an attacker to remotely access systems without authorization. This exploit has been catalogued as CVE-2024-3094.

We have confirmed that Netreo systems do not use the affected versions of xz Utils, so Netreo is not vulnerable. Additionally, Netreo does not expose OpenSSH to the public internet on networks under its control; such exposure is necessary for an external attacker to exploit vulnerable instances.
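For readers who want to run the same kind of version check on their own Linux hosts, the following is an added example (not Netreo or BMC code) that classifies `xz --version` output against the two affected releases named above. The function names are hypothetical and the sample outputs are constructed, not captured from any real host.

```shell
#!/bin/sh
# Added example: classify `xz --version` output against CVE-2024-3094.
# Affected upstream releases, per the advisory text: 5.6.0 and 5.6.1.

# Return 0 when the given upstream version string is an affected release.
is_affected_version() {
    case "$1" in
        5.6.0|5.6.1) return 0 ;;
        *)           return 1 ;;
    esac
}

# Read `xz --version` output on stdin and print one verdict:
#   affected      - any reported version is 5.6.0 or 5.6.1
#   not-affected  - versions were found and none is affected
#   unknown       - no version string could be parsed
classify_xz_output() {
    verdict=unknown
    while IFS= read -r line; do
        ver=${line##* }                # last space-separated field
        case "$ver" in
            [0-9]*.[0-9]*) ;;          # looks like a version number
            *) continue ;;             # skip anything else
        esac
        if is_affected_version "$ver"; then
            echo affected
            return 0
        fi
        verdict=not-affected
    done
    echo "$verdict"
}

# Constructed sample outputs (assumed format: one line for the xz binary,
# one line for the liblzma library it loaded at run time).
SAMPLE_OLD='xz (XZ Utils) 5.2.5
liblzma 5.2.5'
SAMPLE_BAD='xz (XZ Utils) 5.6.1
liblzma 5.6.1'
# The binary and the library can differ, so both lines are checked.
SAMPLE_MIXED='xz (XZ Utils) 5.4.6
liblzma 5.6.0'

# Live check, only when xz is installed on this host.
if command -v xz >/dev/null 2>&1; then
    echo "this host: $(xz --version 2>/dev/null | classify_xz_output)"
fi
```

The check matches upstream version strings only; package-manager versions with distribution suffixes need to be compared against the distribution's own advisory.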

If you have any concerns, please feel free to contact Netreo Support.

 

 
