This is the latest documentation for BMC Helix Network Management (formerly known as Netreo).

 

Is there any exposure to any known SSH vulnerabilities?


Short Answer

No. BMC Helix Network Management is NOT vulnerable to any of the SSH vulnerabilities listed below.

BMC Helix Network Management uses the OpenSSH networking utilities suite. In practice, the following vulnerabilities are not exploitable in BMC Helix Network Management. Additionally, users who want to eliminate these results from their vulnerability scans can disable SSH shell access entirely in the BMC Helix Network Management system preferences.

CVE-2016-10009
CVE-2016-10010
These are not exploitable because they relate to port forwarding, which is disabled in BMC Helix Network Management’s SSH implementation.

CVE-2016-10011
CVE-2016-10012
These are local user privilege escalation issues. They are not exploitable because they require local shell access, which BMC Helix Network Management does not provide to any user.

CVE-2016-8858
This is a disputed CVE. OpenSSH does not consider it a vulnerability, and therefore it is not fixed. In any case, the worst-case scenario is a local DoS of the SSH process, which is resource-limited.
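
When triaging the same scanner findings on a general OpenSSH server that you administer, the "forwarding is disabled" mitigation can be confirmed from the effective configuration printed by `sshd -T`. The following is an added example, not BMC code or the product's configuration; the function names and sample dumps are constructed, and the directives checked are standard OpenSSH `sshd_config` keywords.

```shell
#!/bin/sh
# Added example (not vendor code): audit an `sshd -T` effective-config dump
# for forwarding features that are still enabled.

# Reads `sshd -T` output on stdin. Prints one line per forwarding directive
# that is not "no" (or is absent from the dump); returns 0 only if all are off.
audit_forwarding() {
    awk '
        BEGIN {
            n = split("allowtcpforwarding allowagentforwarding allowstreamlocalforwarding permittunnel", k, " ")
            for (i = 1; i <= n; i++) want[k[i]] = 1
        }
        { key = tolower($1) }
        (key in want) {
            seen[key] = 1
            if (tolower($2) != "no") { print key "=" $2; bad++ }
        }
        END {
            for (i = 1; i <= n; i++)
                if (!(k[i] in seen)) { print k[i] "=MISSING"; bad++ }
            exit (bad > 0)
        }
    '
}

# Constructed sample dumps (not captured from any real system).
sample_hardened() {
    printf '%s\n' 'port 22' 'allowtcpforwarding no' 'allowagentforwarding no' \
        'allowstreamlocalforwarding no' 'permittunnel no'
}
sample_default() {
    printf '%s\n' 'port 22' 'allowtcpforwarding yes' 'allowagentforwarding yes' \
        'allowstreamlocalforwarding yes' 'permittunnel no'
}

for s in sample_hardened sample_default; do
    if findings=$($s | audit_forwarding); then
        echo "$s: all forwarding disabled"
    else
        echo "$s: forwarding enabled -> $(echo $findings)"
    fi
done
```

On a real host, pipe the live configuration into the function with `sshd -T | audit_forwarding`, run with sufficient privileges for `sshd` to read its configuration and host keys.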

 

 
