<html><head>
<style id="css_styles">
blockquote.cite { margin-left: 5px; margin-right: 0px; padding-left: 10px; padding-right:0px; border-left: 1px solid #cccccc }
blockquote.cite2 {margin-left: 5px; margin-right: 0px; padding-left: 10px; padding-right:0px; border-left: 1px solid #cccccc; margin-top: 3px; padding-top: 0px; }
a img { border: 0px; }
table { border-collapse: collapse; }
li[style='text-align: center;'], li[style='text-align: center; '], li[style='text-align: right;'], li[style='text-align: right; '] { list-style-position: inside;}
body { font-family: Calibri; font-size: 16pt; }
.quote { margin-left: 1em; margin-right: 1em; border-left: 5px #ebebeb solid; padding-left: 0.3em; }
</style>
</head>
<body><div>I have a server that needs to pass a PCI Compliance scan. It passes everything except an issue with OpenSSH that I am not sure how to mitigate.</div><div><br /></div><div>The results show that the CVE ID is CVE-2020-15778</div><div><a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15778">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15778</a></div><div><br /></div><div>The threat description is:</div><div><br /></div><blockquote style="margin: 0 0 0 40px; border: none; padding: 0px;"><div>OpenSSH (OpenBSD Secure Shell) is a set of computer programs providing encrypted communication sessions over a computer network using the SSH protocol.
</div><div><br /></div><div>OpenSSH contains the following vulnerabilities:
</div><div>OpenSSH through 8.3p1 allows command injection in the scp.c toremote function, as demonstrated by backtick characters in the destination argument. NOTE: the vendor reportedly has stated that they intentionally omit validation of "anomalous argument transfers" because that could "stand a great chance of breaking existing workflows. Affected Versions:
</div><div>OpenSSH versions prior to 8.3</div><div><br /></div></blockquote>Anyone know if this can be fixed on a 5210R so it passes PCI Compliance?<br />
<div><br /></div><div id="signature_old" style="clear:both"><div id="xb51b3f532a9243e"><div id="xedcd1f00142d498fb02d0a5dd88924ea"><div class="plain_line" style="background-color:rgba(0,0,0,0);">Thanks,<span> </span></div>
<div class="plain_line" style="background-color:rgba(0,0,0,0);">________________________________</div>
<div class="plain_line" style="background-color:rgba(0,0,0,0);">M Aronoff Out – <a href="mailto:maronoff@gmail.com" style="">maronoff@gmail.com</a> </div>
<div class="plain_line" style="background-color:rgba(0,0,0,0);"> </div>
<div class="plain_line" style="background-color:rgba(0,0,0,0);">I'm a great believer in luck, and I find </div><div class="plain_line" style="background-color:rgba(0,0,0,0);">the harder I work the more I have of it.</div>
<div class="plain_line" style="background-color:rgba(0,0,0,0);"> - Thomas Jefferson</div></div></div></div><div><br /></div>
</body></html>