Has anyone come across some VRA vulnerabilities, – Openssh, when carrying out an Internal vulnerabilty scan? How was it mitigated. External SSH access is already disabled at the firewall level. Is there a patch available?
1. OpenSSH < 7.4 Multiple Vulnerabilities Medium 2 Misc.
* CVE-2016-10012 Medium
* CVE-2016-10011 Medium
* CVE-2016-10010 Medium
* CVE-2016-10009 Medium
2. OpenSSH < 7.2p2 X11Forwarding xauth Command Injection
* CVE-2016-3115 Medium
Moving this post to the top as it was recently flagged in an audit that we had conducted.
Was this addressed or answered in relation to the OpenSSH vulnerability?