Overview

You are curious whether ExOS v7.4.13 is impacted by the following OpenSSH vulnerabilities: CVE-2006-4925, CVE-2006-5794 CVE-2007-0726. CVE-2007-4752, CVE-2007-2243. 

Information

ExOS version 7.4.13 is not impacted by the mentioned OpenSSH vulnerabilities.

The OpenSSH vulnerabilities only impact OpenSSH versions prior to 4.7. OpenSSH in the Exinda OS has already been updated to version 6.9 under ExOS version 7.4.8. Please see  Exinda | ExOS 7.4.8 Release Notes for more details.

ExOS latest version 7.5.0 was recently released, where OpenSSH has been upgraded to version 8.0, OpenSSL to version 1.1.1d, and Apache to version 2.4.41 to improve the core security of the Exinda appliance. Please see the the below articles for more details:

• Exinda 7.5.0 Release Notes
• What’s new in Exinda Network Orchestrator

We recommend upgrading the Exinda OS to the latest version 7.5.0. For product downloads and information about upgrading Exinda Network Orchestrator visit the GFI Upgrade Center.