How to respond to Nessus reported OpenSSH Vulnerabilities against the RSA Authentication Manager 8.4 or later
Originally Published: 2020-10-05
Applies To
RSA Product/Service Type: Authentication Manager
RSA Version/Condition: 8.4.0 or later
Platform: Linux
Platform (Other): Suse Linux Enterprise Server
O/S Version: SLES 12 Service Pack 3 or later
Product Name: RSA SecurID
Issue
Nessus plugin IDs 90023, 93194, 96151, 99359 and 103781, for example, are reported against the latest RSA Authentication Manager releases, 8.4 P13 and 8.5. These OpenSSH version-check plugins judge the version from the self-reported SSH banner (OpenSSH_7.2), and that banner does not change when SUSE backports a fix into its 7.2p2 package, so the findings are false positives whenever the installed package release is at or above the release named in the SUSE advisory.
This article explains how to identify the installed OpenSSH package release and show that RSA Authentication Manager is not exploitable.
Resolution
The Tenable plugin pages list the CVEs each Nessus ID covers, for example:
Nessus ID 93194: CVE-2015-8325, CVE-2016-6515, CVE-2016-6210
https://www.tenable.com/plugins/nessus/93194
Nessus ID 96151: CVE-2016-10009, CVE-2016-10010, CVE-2016-10011, CVE-2016-10012
https://www.tenable.com/plugins/nessus/96151
Nessus ID 99359: no CVE is referenced
https://www.tenable.com/plugins/nessus/99359
Nessus ID 103781: CVE-2017-15906
https://www.tenable.com/plugins/nessus/103781
1. Find the RSA Authentication Manager version and the SUSE Linux Enterprise Server version:
rsaadmin@ehud:~> cat /etc/issue
RSA Authentication Manager 8.5.0.0.0-build1415100
rsaadmin@ehud:~> cat /etc/os-release
NAME="SLES"
VERSION="12-SP3"
VERSION_ID="12.3"
PRETTY_NAME="SUSE Linux Enterprise Server 12 SP3"
ID="sles"
ANSI_COLOR="0;32"
CPE_NAME="cpe:/o:suse:sles:12:sp3"
2. Find the installed openssh package version:
rsaadmin@ehud:~> sudo su -
[sudo] password for rsaadmin:
ehud:~ # zypper search -si ssh
Loading repository data...
Warning: No repositories defined. Operating only with the installed resolvables. Nothing can be installed.
Reading installed packages...

S  | Name      | Type    | Version       | Arch   | Repository
---+-----------+---------+---------------+--------+------------------
i  | libssh2-1 | package | 1.4.3-20.14.1 | x86_64 | (System Packages)
i+ | openssh   | package | 7.2p2-74.54.1 | x86_64 | (System Packages)
3. Take Nessus ID 103781 from the examples above. Its Tenable page references CVE-2017-15906.
Look up the same CVE on the SUSE security site:
https://www.suse.com/security/cve/CVE-2017-15906/
It lists the following fixed packages for SUSE Linux Enterprise Server 12 SP3:
openssh >= 7.2p2-74.11.1
openssh-askpass-gnome >= 7.2p2-74.11.3
openssh-fips >= 7.2p2-74.11.1
openssh-helpers >= 7.2p2-74.11.1
Patchnames:
SUSE-SLE-SERVER-12-SP3-2017-2009
The zypper output in step 2 shows that AM 8.4 P13 and AM 8.5 ship openssh 7.2p2-74.54.1, which is later than the fixed release 7.2p2-74.11.1 for SLES 12 SP3. The upstream version string stays 7.2p2 because SUSE backports the fix into the existing package release, which is why a banner-based scanner keeps flagging it.
The reported vulnerability is therefore not exploitable. Repeat the SUSE lookup for every CVE a plugin references (for an ID such as 99359 that lists no CVE, take the fixed OpenSSH version from the plugin description instead), compare version-release strings using rpm's ordering rather than as plain text (74.9.1 is older than 74.11.1 even though it sorts after it as a string), and where direct evidence is needed confirm that the CVE appears in the package changelog with rpm -q --changelog openssh | grep CVE-2017-15906.
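The comparison in step 3 done by script, as an added example that is not part of the RSA article: the installed version-release from the zypper output and the fixed release from the SUSE CVE page are compared with RPM's segment ordering rules (reimplemented here in POSIX sh so it runs anywhere; the function names rpm_vercmp, rpm_evr_cmp and is_fixed are this example's own). The second check shows the edge case that text comparison gets wrong.

```shell
#!/bin/sh
# Added example, not part of the RSA KB article: compare the openssh
# version-release reported by zypper/rpm against the fixed release in a
# SUSE CVE advisory using RPM's segment ordering rules, not text order.

# Print the leading run of digits or of letters in $1.
lead_segment() {
    case "$1" in
        [0-9]*) printf '%s' "$1" | sed 's/^\([0-9]*\).*/\1/' ;;
        *)      printf '%s' "$1" | sed 's/^\([A-Za-z]*\).*/\1/' ;;
    esac
}

# Succeed when $1 sorts strictly before $2 in the C locale.
str_lt() {
    [ "$1" != "$2" ] &&
    [ "$(printf '%s\n%s\n' "$1" "$2" | LC_ALL=C sort | head -n 1)" = "$1" ]
}

# rpm_vercmp A B: print -1, 0 or 1 following rpmvercmp(). Both strings are
# split into alternating digit/letter segments; digit segments compare
# numerically, letter segments lexically, digits outrank letters, and the
# string with segments left over is newer. Tilde/caret handling is omitted.
rpm_vercmp() {
    a=$1; b=$2; r=
    while [ -z "$r" ]; do
        a=$(printf '%s' "$a" | sed 's/^[^A-Za-z0-9]*//')
        b=$(printf '%s' "$b" | sed 's/^[^A-Za-z0-9]*//')
        if [ -z "$a" ] || [ -z "$b" ]; then
            if [ -z "$a" ] && [ -z "$b" ]; then r=0
            elif [ -z "$a" ]; then r=-1
            else r=1
            fi
            continue
        fi
        sa=$(lead_segment "$a"); sb=$(lead_segment "$b")
        a=${a#"$sa"}; b=${b#"$sb"}
        case "$sa$sb" in
            *[!0-9]*)   # at least one letter segment: a number wins
                case "$sa" in *[!0-9]*) ;; *) r=1;  continue ;; esac
                case "$sb" in *[!0-9]*) ;; *) r=-1; continue ;; esac ;;
            *)          # both numeric: drop leading zeros, longer is larger
                sa=$(printf '%s' "$sa" | sed 's/^0*//')
                sb=$(printf '%s' "$sb" | sed 's/^0*//')
                if   [ ${#sa} -lt ${#sb} ]; then r=-1; continue
                elif [ ${#sa} -gt ${#sb} ]; then r=1;  continue
                fi ;;
        esac
        # Same kind and length: lexical order decides this segment.
        if   str_lt "$sa" "$sb"; then r=-1
        elif str_lt "$sb" "$sa"; then r=1
        fi
    done
    printf '%s\n' "$r"
}

# rpm_evr_cmp V1-R1 V2-R2: compare versions first, then releases, as rpm
# does. Epoch is not handled; the SUSE openssh package carries none here.
rpm_evr_cmp() {
    v1=${1%-*}; r1=${1##*-}; case "$1" in *-*) ;; *) r1= ;; esac
    v2=${2%-*}; r2=${2##*-}; case "$2" in *-*) ;; *) r2= ;; esac
    c=$(rpm_vercmp "$v1" "$v2")
    if [ "$c" = 0 ]; then c=$(rpm_vercmp "$r1" "$r2"); fi
    printf '%s\n' "$c"
}

# is_fixed INSTALLED FIXED: succeed when the installed version-release is
# at least the fixed one named in the advisory.
is_fixed() {
    [ "$(rpm_evr_cmp "$1" "$2")" -ge 0 ]
}

# Values taken from the article: step 2 (zypper) and the SUSE page for
# CVE-2017-15906 on SLES 12 SP3 (step 3). On the appliance itself the
# installed string would come from:
#   rpm -q --qf '%{VERSION}-%{RELEASE}\n' openssh
INSTALLED='7.2p2-74.54.1'
FIXED='7.2p2-74.11.1'

if is_fixed "$INSTALLED" "$FIXED"; then
    echo "openssh $INSTALLED includes the fix (>= $FIXED): not exploitable"
else
    echo "openssh $INSTALLED is older than $FIXED: fix missing"
fi

# Why text comparison is not good enough: 74.9.1 sorts after 74.11.1 as a
# string but is the older release, and is_fixed says so.
if is_fixed '7.2p2-74.9.1' "$FIXED"; then
    echo "7.2p2-74.9.1 wrongly judged fixed"
else
    echo "7.2p2-74.9.1 correctly judged older than $FIXED"
fi
```

On the appliance itself the same ordering is available natively as zypper versioncmp (alias vcmp) with the two version-release strings as arguments, and rpm -q --changelog openssh lists the CVE identifiers SUSE recorded when it backported each fix, which is the evidence to attach to a scanner exception.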