How to respond to Nessus reported OpenSSH Vulnerabilities against the RSA Authentication Manager 8.4 or later
Originally Published: 2020-10-05
Applies To
RSA Product/Service Type: Authentication Manager
RSA Version/Condition: 8.4.0 or later
Platform: Linux
Platform (Other): Suse Linux Enterprise Server
O/S Version: SLES 12 Service Pack 3 or later
Product Name: RSA SecurID
Issue
For example, Nessus vulnerability IDs 90023, 93194, 96151, 99359 and 103781 are reported against the latest versions of RSA Authentication Manager, 8.4 P13 or 8.5.
This KB explains how to identify the accurate OpenSSH package details and shows that RSA Authentication Manager is NOT EXPLOITABLE.
Resolution
For Nessus ID 93194, for example, the Tenable site lists the following reference information: CVE-2015-8325, CVE-2016-6515, CVE-2016-6210
https://www.tenable.com/plugins/nessus/93194
For Nessus ID 96151, the reference information is: CVE-2016-10009, CVE-2016-10010, CVE-2016-10011, CVE-2016-10012
https://www.tenable.com/plugins/nessus/96151
For Nessus ID 99359, there is no CVE:
https://www.tenable.com/plugins/nessus/99359
For Nessus ID 103781, the reference information is: CVE-2017-15906
https://www.tenable.com/plugins/nessus/103781
1. Find the RSA Authentication Manager version and SUSE Linux Enterprise Server version as below:
rsaadmin@ehud:~> cat /etc/issue
RSA Authentication Manager 8.5.0.0.0-build1415100
rsaadmin@ehud:~> cat /etc/os-release
NAME="SLES"
VERSION="12-SP3"
VERSION_ID="12.3"
PRETTY_NAME="SUSE Linux Enterprise Server 12 SP3"
ID="sles"
ANSI_COLOR="0;32"
CPE_NAME="cpe:/o:suse:sles:12:sp3"
2. Find the openssh package version as below:
rsaadmin@ehud:~> sudo su -
[sudo] password for rsaadmin:
ehud:~ # zypper search -si ssh
Loading repository data...
Warning: No repositories defined. Operating only with the installed resolvables. Nothing can be installed.
Reading installed packages...
S  | Name      | Type    | Version       | Arch   | Repository
---+-----------+---------+---------------+--------+------------------
i  | libssh2-1 | package | 1.4.3-20.14.1 | x86_64 | (System Packages)
i+ | openssh   | package | 7.2p2-74.54.1 | x86_64 | (System Packages)
3. Take Nessus vulnerability ID 103781 from the examples above. Its reference information on the Tenable site is CVE-2017-15906.
Look up the corresponding CVE on the SUSE Linux site:
https://www.suse.com/security/cve/CVE-2017-15906/
It lists the following fix for SUSE Linux Enterprise Server 12 SP3:
openssh >= 7.2p2-74.11.1
openssh-askpass-gnome >= 7.2p2-74.11.3
openssh-fips >= 7.2p2-74.11.1
openssh-helpers >= 7.2p2-74.11.1
Patchnames:
SUSE-SLE-SERVER-12-SP3-2017-2009
As the zypper output in step 2 shows, AM 8.4 P13 and AM 8.5 carry a later openssh package (7.2p2-74.54.1) than the fixed version 7.2p2-74.11.1 for SLES 12 SP3.
Thus the reported vulnerability is not exploitable, because the installed package already contains the SUSE fix.
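The comparison in steps 2 and 3 can be scripted. The following is an added example, not part of this KB or any RSA tool: it embeds a constructed copy of the zypper table above together with the SUSE fixed version for CVE-2017-15906, and compares them with an rpm-style version comparison rather than a plain string compare, which would rank a release such as 74.9.1 above 74.11.1.

```python
import re

# Constructed copy of the `zypper search -si ssh` table from step 2 (not live output).
ZYPPER_OUTPUT = """\
S  | Name      | Type    | Version       | Arch   | Repository
---+-----------+---------+---------------+--------+------------------
i  | libssh2-1 | package | 1.4.3-20.14.1 | x86_64 | (System Packages)
i+ | openssh   | package | 7.2p2-74.54.1 | x86_64 | (System Packages)
"""
# Fixed version that the SUSE CVE page lists for SLES 12 SP3 (step 3).
FIXED_VERSIONS = {"CVE-2017-15906": {"openssh": "7.2p2-74.11.1"}}
_SEG = re.compile(r"[0-9]+|[A-Za-z]+")


def rpmvercmp(a: str, b: str) -> int:
    """rpm-style compare: numeric segments as integers, a numeric segment is
    newer than a letter segment, leftover segments win. (Tilde/caret omitted.)"""
    sa, sb = _SEG.findall(a), _SEG.findall(b)
    for x, y in zip(sa, sb):
        if x.isdigit() and y.isdigit():
            if int(x) != int(y):
                return 1 if int(x) > int(y) else -1
        elif x.isdigit() != y.isdigit():
            return 1 if x.isdigit() else -1
        elif x != y:
            return 1 if x > y else -1
    return (len(sa) > len(sb)) - (len(sa) < len(sb))


def evr_cmp(installed: str, fixed: str) -> int:
    """Compare 'version-release' strings: the version first, then the release."""
    v1, r1 = installed.rsplit("-", 1)
    v2, r2 = fixed.rsplit("-", 1)
    return rpmvercmp(v1, v2) or rpmvercmp(r1, r2)


def installed_version(zypper_text: str, package: str):
    """Return the Version column of an installed package from zypper output, else None."""
    for line in zypper_text.splitlines():
        cols = [c.strip() for c in line.split("|")]
        if len(cols) >= 4 and cols[0].startswith("i") and cols[1] == package:
            return cols[3]
    return None


def is_fixed(cve: str, zypper_text: str = ZYPPER_OUTPUT) -> bool:
    """True when every package SUSE lists for the CVE is installed at or above the fixed version."""
    for pkg, fixed in FIXED_VERSIONS[cve].items():
        cur = installed_version(zypper_text, pkg)
        if cur is None or evr_cmp(cur, fixed) < 0:
            return False
    return True
```

Other Nessus IDs from the list above can be checked the same way by adding their SUSE fixed versions to FIXED_VERSIONS.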