{
  "document" : {
    "aggregate_severity" : {
      "text" : "hoch"
    },
    "category" : "csaf_base",
    "csaf_version" : "2.0",
    "distribution" : {
      "tlp" : {
        "label" : "WHITE",
        "url" : "https://www.first.org/tlp/"
      }
    },
    "lang" : "de-DE",
    "notes" : [ {
      "category" : "legal_disclaimer",
      "text" : "Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen."
    }, {
      "category" : "description",
      "text" : "OpenSSH ist eine Open Source Implementierung des Secure Shell Protokolls.",
      "title" : "Produktbeschreibung"
    }, {
      "category" : "summary",
      "text" : "Ein entfernter, authentisierter Angreifer kann mehrere Schwachstellen in OpenSSH ausnutzen, um beliebigen Programmcode mit den Rechten des Dienstes auszuführen, seine Privilegien zu erweitern oder einen Denial of Service Angriff durchzuführen.",
      "title" : "Angriff"
    }, {
      "category" : "general",
      "text" : "- Linux\n- UNIX",
      "title" : "Betroffene Betriebssysteme"
    } ],
    "publisher" : {
      "category" : "other",
      "contact_details" : "csaf-provider@cert-bund.de",
      "name" : "Bundesamt für Sicherheit in der Informationstechnik",
      "namespace" : "https://www.bsi.bund.de"
    },
    "references" : [ {
      "category" : "self",
      "summary" : "WID-SEC-W-2023-1996 - CSAF Version",
      "url" : "https://wid.cert-bund.de/.well-known/csaf/white/2016/wid-sec-w-2023-1996.json"
    }, {
      "category" : "self",
      "summary" : "WID-SEC-2023-1996 - Portal Version",
      "url" : "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2023-1996"
    }, {
      "category" : "external",
      "summary" : "OpenSSH 7.4 Release vom 2016-12-19",
      "url" : "http://www.openssh.com/txt/release-7.4"
    }, {
      "category" : "external",
      "summary" : "SecurityTracker Alert ID 1037490 vom 2016-12-19",
      "url" : "http://www.securitytracker.com/id/1037490"
    }, {
      "category" : "external",
      "summary" : "FreeBSD Security Advisory: FreeBSD-SA-17:01.openssh.asc",
      "url" : "https://www.freebsd.org/security/advisories/FreeBSD-SA-17:01.openssh.asc"
    }, {
      "category" : "external",
      "summary" : "SUSE Security Update SUSE-SU-2017:0264-1 vom 2017-01-24",
      "url" : "https://www.suse.com/support/update/announcement/2017/suse-su-20170264-1.html"
    }, {
      "category" : "external",
      "summary" : "F5 Security Advisory K64292204 vom 2017-01-24",
      "url" : "https://support.f5.com/csp/article/K64292204"
    }, {
      "category" : "external",
      "summary" : "F5 Security Advisory K31440025 vom 2017-01-24",
      "url" : "https://support.f5.com/csp/article/K31440025"
    }, {
      "category" : "external",
      "summary" : "F5 Security Advisory K62201745 vom 2017-01-27",
      "url" : "https://support.f5.com/csp/article/K62201745"
    }, {
      "category" : "external",
      "summary" : "IBM Security Advisory openssh_advisory10.asc",
      "url" : "http://aix.software.ibm.com/aix/efixes/security/openssh_advisory10.asc"
    }, {
      "category" : "external",
      "summary" : "The FreeBSD Project Security Advisory: FreeBSD-SA-17:01.openssh",
      "url" : "https://www.freebsd.org/security/advisories/FreeBSD-SA-17:01.openssh.asc"
    }, {
      "category" : "external",
      "summary" : "SUSE Security Update SUSE-SU-2017:0603-1 vom 2017-03-03",
      "url" : "https://www.suse.com/support/update/announcement/2017/suse-su-20170603-1.html"
    }, {
      "category" : "external",
      "summary" : "SUSE Security Update SUSE-SU-2017:0607-1 vom 2017-03-06",
      "url" : "https://www.suse.com/support/update/announcement/2017/suse-su-20170607-1.html"
    }, {
      "category" : "external",
      "summary" : "SUSE Security Update SUSE-SU-2017:0606-1 vom 2017-03-06",
      "url" : "https://www.suse.com/support/update/announcement/2017/suse-su-20170606-1.html"
    }, {
      "category" : "external",
      "summary" : "SUSE Security Update SUSE-SU-2017:1661-1 vom 2017-06-24",
      "url" : "https://www.suse.com/support/update/announcement/2017/suse-su-20171661-1.html"
    }, {
      "category" : "external",
      "summary" : "RedHat Security Advisory: RHSA-2017:2029",
      "url" : "https://access.redhat.com/errata/RHSA-2017:2029"
    }, {
      "category" : "external",
      "summary" : "Ubuntu Security Notice USN-3538-1 vom 2018-01-22",
      "url" : "http://www.ubuntu.com/usn/usn-3538-1/"
    }, {
      "category" : "external",
      "summary" : "McAfee Security Bulletin: SB10239",
      "url" : "https://kc.mcafee.com/corporate/index?page=content&id=SB10239"
    }, {
      "category" : "external",
      "summary" : "SUSE Security Update SUSE-SU-2018:2275-1 vom 2018-08-10",
      "url" : "https://www.suse.com/support/update/announcement/2018/suse-su-20182275-1.html"
    }, {
      "category" : "external",
      "summary" : "SUSE Security Update SUSE-SU-2018:2685-1 vom 2018-09-11",
      "url" : "https://www.suse.com/support/update/announcement/2018/suse-su-20182685-1.html"
    }, {
      "category" : "external",
      "summary" : "SUSE Security Update SUSE-SU-2018:2719-1 vom 2018-09-15",
      "url" : "https://www.suse.com/support/update/announcement/2018/suse-su-20182719-1.html"
    }, {
      "category" : "external",
      "summary" : "SUSE Security Update SUSE-SU-2018:3540-1 vom 2018-10-29",
      "url" : "https://www.suse.com/support/update/announcement/2018/suse-su-20183540-1.html"
    }, {
      "category" : "external",
      "summary" : "Palo Alto Networks Security Advisory PAN-SA-2020-0005 vom 2020-05-13",
      "url" : "https://security.paloaltonetworks.com/PAN-SA-2020-0005"
    }, {
      "category" : "external",
      "summary" : "Juniper Security Advisory JSA11169 vom 2021-04-16",
      "url" : "https://kb.juniper.net/InfoCenter/index?page=content&id=JSA11169"
    }, {
      "category" : "external",
      "summary" : "Amazon Linux Security Advisory ALAS-2023-2176 vom 2023-08-09",
      "url" : "https://alas.aws.amazon.com/AL2/ALAS-2023-2176.html"
    }, {
      "category" : "external",
      "summary" : "Amazon Linux Security Advisory ALAS-2023-1802 vom 2023-08-23",
      "url" : "https://alas.aws.amazon.com/ALAS-2023-1802.html"
    }, {
      "category" : "external",
      "summary" : "Dell Security Advisory DSA-2024-198 vom 2024-05-08",
      "url" : "https://www.dell.com/support/kbdoc/000224827/dsa-2024-="
    }, {
      "category" : "external",
      "summary" : "Moxa Security Advisory MPSA-256261 vom 2026-01-09",
      "url" : "https://www.moxa.com/en/support/product-support/security-advisory/mpsa-256261-cve-2023-38408-openssh-vulnerability-in-ethernet-switches"
    }, {
      "category" : "external",
      "summary" : "IBM Security Bulletin 7256856 vom 2026-01-13",
      "url" : "https://www.ibm.com/support/pages/node/7256856"
    } ],
    "source_lang" : "en-US",
    "title" : "OpenSSH: Mehrere Schwachstellen",
    "tracking" : {
      "current_release_date" : "2026-01-12T23:00:00.000+00:00",
      "generator" : {
        "date" : "2026-01-13T09:05:55.124+00:00",
        "engine" : {
          "name" : "BSI-WID",
          "version" : "1.5.0"
        }
      },
      "id" : "WID-SEC-W-2023-1996",
      "initial_release_date" : "2016-12-19T23:00:00.000+00:00",
      "revision_history" : [ {
        "date" : "2016-12-19T23:00:00.000+00:00",
        "number" : "1",
        "summary" : "Initial Release"
      }, {
        "date" : "2016-12-19T23:00:00.000+00:00",
        "number" : "2",
        "summary" : "Version nicht vorhanden"
      }, {
        "date" : "2016-12-19T23:00:00.000+00:00",
        "number" : "3",
        "summary" : "Version nicht vorhanden"
      }, {
        "date" : "2017-01-10T23:00:00.000+00:00",
        "number" : "4",
        "summary" : "New remediations available"
      }, {
        "date" : "2017-01-23T23:00:00.000+00:00",
        "number" : "5",
        "summary" : "New remediations available"
      }, {
        "date" : "2017-01-23T23:00:00.000+00:00",
        "number" : "6",
        "summary" : "New remediations available"
      }, {
        "date" : "2017-01-23T23:00:00.000+00:00",
        "number" : "7",
        "summary" : "Version nicht vorhanden"
      }, {
        "date" : "2017-01-29T23:00:00.000+00:00",
        "number" : "8",
        "summary" : "New remediations available"
      }, {
        "date" : "2017-02-20T23:00:00.000+00:00",
        "number" : "9",
        "summary" : "New remediations available"
      }, {
        "date" : "2017-02-20T23:00:00.000+00:00",
        "number" : "10",
        "summary" : "Version nicht vorhanden"
      }, {
        "date" : "2017-02-20T23:00:00.000+00:00",
        "number" : "11",
        "summary" : "Version nicht vorhanden"
      }, {
        "date" : "2017-02-22T23:00:00.000+00:00",
        "number" : "12",
        "summary" : "New remediations available"
      }, {
        "date" : "2017-03-05T23:00:00.000+00:00",
        "number" : "13",
        "summary" : "New remediations available"
      }, {
        "date" : "2017-03-06T23:00:00.000+00:00",
        "number" : "14",
        "summary" : "New remediations available"
      }, {
        "date" : "2017-03-06T23:00:00.000+00:00",
        "number" : "15",
        "summary" : "Version nicht vorhanden"
      }, {
        "date" : "2017-06-26T22:00:00.000+00:00",
        "number" : "16",
        "summary" : "New remediations available"
      }, {
        "date" : "2017-08-01T22:00:00.000+00:00",
        "number" : "17",
        "summary" : "New remediations available"
      }, {
        "date" : "2017-08-07T22:00:00.000+00:00",
        "number" : "18",
        "summary" : "Added references"
      }, {
        "date" : "2018-06-13T22:00:00.000+00:00",
        "number" : "19",
        "summary" : "New remediations available"
      }, {
        "date" : "2018-08-09T22:00:00.000+00:00",
        "number" : "20",
        "summary" : "New remediations available"
      }, {
        "date" : "2018-08-09T22:00:00.000+00:00",
        "number" : "21",
        "summary" : "Version nicht vorhanden"
      }, {
        "date" : "2018-08-09T22:00:00.000+00:00",
        "number" : "22",
        "summary" : "Version nicht vorhanden"
      }, {
        "date" : "2018-08-23T22:00:00.000+00:00",
        "number" : "23",
        "summary" : "Added references"
      }, {
        "date" : "2018-09-11T22:00:00.000+00:00",
        "number" : "24",
        "summary" : "Produkte ergänzt"
      }, {
        "date" : "2018-09-11T22:00:00.000+00:00",
        "number" : "25",
        "summary" : "New remediations available"
      }, {
        "date" : "2018-09-16T22:00:00.000+00:00",
        "number" : "26",
        "summary" : "New remediations available"
      }, {
        "date" : "2018-10-29T23:00:00.000+00:00",
        "number" : "27",
        "summary" : "New remediations available"
      }, {
        "date" : "2020-05-13T22:00:00.000+00:00",
        "number" : "28",
        "summary" : "Neue Updates von Palo Alto Networks aufgenommen"
      }, {
        "date" : "2021-04-15T22:00:00.000+00:00",
        "number" : "29",
        "summary" : "Neue Updates von Juniper aufgenommen"
      }, {
        "date" : "2023-08-08T22:00:00.000+00:00",
        "number" : "30",
        "summary" : "Neue Updates von Amazon aufgenommen"
      }, {
        "date" : "2023-08-23T22:00:00.000+00:00",
        "number" : "31",
        "summary" : "Neue Updates von Amazon aufgenommen"
      }, {
        "date" : "2024-05-07T22:00:00.000+00:00",
        "number" : "32",
        "summary" : "Neue Updates von Dell aufgenommen"
      }, {
        "date" : "2026-01-08T23:00:00.000+00:00",
        "number" : "33",
        "summary" : "Neue Updates von moxa aufgenommen"
      }, {
        "date" : "2026-01-12T23:00:00.000+00:00",
        "number" : "34",
        "summary" : "Neue Updates von IBM aufgenommen"
      } ],
      "status" : "final",
      "version" : "34"
    }
  },
  "product_tree" : {
    "branches" : [ {
      "branches" : [ {
        "category" : "product_name",
        "name" : "Amazon Linux 2",
        "product" : {
          "name" : "Amazon Linux 2",
          "product_id" : "398363",
          "product_identification_helper" : {
            "cpe" : "cpe:/o:amazon:linux_2:-"
          }
        }
      } ],
      "category" : "vendor",
      "name" : "Amazon"
    }, {
      "branches" : [ {
        "branches" : [ {
          "category" : "product_version",
          "name" : "virtual",
          "product" : {
            "name" : "Dell NetWorker virtual",
            "product_id" : "T034583",
            "product_identification_helper" : {
              "cpe" : "cpe:/a:dell:networker:virtual"
            }
          }
        } ],
        "category" : "product_name",
        "name" : "NetWorker"
      } ],
      "category" : "vendor",
      "name" : "Dell"
    }, {
      "branches" : [ {
        "category" : "product_name",
        "name" : "EMC Avamar",
        "product" : {
          "name" : "EMC Avamar",
          "product_id" : "T014381",
          "product_identification_helper" : {
            "cpe" : "cpe:/a:emc:avamar:-"
          }
        }
      } ],
      "category" : "vendor",
      "name" : "EMC"
    }, {
      "branches" : [ {
        "category" : "product_name",
        "name" : "FreeBSD Project FreeBSD OS",
        "product" : {
          "name" : "FreeBSD Project FreeBSD OS",
          "product_id" : "4035",
          "product_identification_helper" : {
            "cpe" : "cpe:/o:freebsd:freebsd:-"
          }
        }
      } ],
      "category" : "vendor",
      "name" : "FreeBSD Project"
    }, {
      "branches" : [ {
        "category" : "product_name",
        "name" : "IBM AIX",
        "product" : {
          "name" : "IBM AIX",
          "product_id" : "5094",
          "product_identification_helper" : {
            "cpe" : "cpe:/o:ibm:aix:-"
          }
        }
      }, {
        "branches" : [ {
          "category" : "product_version_range",
          "name" : "<10.0.9.1",
          "product" : {
            "name" : "IBM Security Verify Access <10.0.9.1",
            "product_id" : "T049459"
          }
        }, {
          "category" : "product_version",
          "name" : "10.0.9.1",
          "product" : {
            "name" : "IBM Security Verify Access 10.0.9.1",
            "product_id" : "T049459-fixed",
            "product_identification_helper" : {
              "cpe" : "cpe:/a:ibm:security_verify_access:v10.0.9.1"
            }
          }
        }, {
          "category" : "product_version_range",
          "name" : "<11.0.2",
          "product" : {
            "name" : "IBM Security Verify Access <11.0.2",
            "product_id" : "T049460"
          }
        }, {
          "category" : "product_version",
          "name" : "11.0.2",
          "product" : {
            "name" : "IBM Security Verify Access 11.0.2",
            "product_id" : "T049460-fixed",
            "product_identification_helper" : {
              "cpe" : "cpe:/a:ibm:security_verify_access:11.0.2"
            }
          }
        } ],
        "category" : "product_name",
        "name" : "Security Verify Access"
      }, {
        "category" : "product_name",
        "name" : "IBM VIOS",
        "product" : {
          "name" : "IBM VIOS",
          "product_id" : "T004571",
          "product_identification_helper" : {
            "cpe" : "cpe:/a:ibm:vios:-"
          }
        }
      } ],
      "category" : "vendor",
      "name" : "IBM"
    }, {
      "branches" : [ {
        "category" : "product_name",
        "name" : "Juniper JUNOS",
        "product" : {
          "name" : "Juniper JUNOS",
          "product_id" : "5930",
          "product_identification_helper" : {
            "cpe" : "cpe:/o:juniper:junos:-"
          }
        }
      } ],
      "category" : "vendor",
      "name" : "Juniper"
    }, {
      "branches" : [ {
        "branches" : [ {
          "category" : "product_version_range",
          "name" : "<4.1.58",
          "product" : {
            "name" : "Moxa Switch <4.1.58",
            "product_id" : "T049803"
          }
        }, {
          "category" : "product_version",
          "name" : "4.1.58",
          "product" : {
            "name" : "Moxa Switch 4.1.58",
            "product_id" : "T049803-fixed",
            "product_identification_helper" : {
              "cpe" : "cpe:/h:moxa:switch:4.1.58"
            }
          }
        }, {
          "category" : "product_version_range",
          "name" : "<5.0.4",
          "product" : {
            "name" : "Moxa Switch <5.0.4",
            "product_id" : "T049804"
          }
        }, {
          "category" : "product_version",
          "name" : "5.0.4",
          "product" : {
            "name" : "Moxa Switch 5.0.4",
            "product_id" : "T049804-fixed",
            "product_identification_helper" : {
              "cpe" : "cpe:/h:moxa:switch:5.0.4"
            }
          }
        } ],
        "category" : "product_name",
        "name" : "Switch"
      } ],
      "category" : "vendor",
      "name" : "Moxa"
    }, {
      "branches" : [ {
        "category" : "product_name",
        "name" : "NetApp Data ONTAP",
        "product" : {
          "name" : "NetApp Data ONTAP",
          "product_id" : "7654",
          "product_identification_helper" : {
            "cpe" : "cpe:/a:netapp:data_ontap:-"
          }
        }
      } ],
      "category" : "vendor",
      "name" : "NetApp"
    }, {
      "branches" : [ {
        "branches" : [ {
          "category" : "product_version_range",
          "name" : "<7.4",
          "product" : {
            "name" : "Open Source OpenSSH <7.4",
            "product_id" : "8223"
          }
        }, {
          "category" : "product_version",
          "name" : "7.4",
          "product" : {
            "name" : "Open Source OpenSSH 7.4",
            "product_id" : "8223-fixed",
            "product_identification_helper" : {
              "cpe" : "cpe:/a:openbsd:openssh:-"
            }
          }
        } ],
        "category" : "product_name",
        "name" : "OpenSSH"
      } ],
      "category" : "vendor",
      "name" : "Open Source"
    }, {
      "branches" : [ {
        "category" : "product_name",
        "name" : "Palo Alto Networks PAN-OS",
        "product" : {
          "name" : "Palo Alto Networks PAN-OS",
          "product_id" : "T012790",
          "product_identification_helper" : {
            "cpe" : "cpe:/o:paloaltonetworks:pan-os:-"
          }
        }
      } ],
      "category" : "vendor",
      "name" : "Palo Alto Networks"
    }, {
      "branches" : [ {
        "category" : "product_name",
        "name" : "Red Hat Enterprise Linux",
        "product" : {
          "name" : "Red Hat Enterprise Linux",
          "product_id" : "67646",
          "product_identification_helper" : {
            "cpe" : "cpe:/o:redhat:enterprise_linux:-"
          }
        }
      } ],
      "category" : "vendor",
      "name" : "Red Hat"
    }, {
      "branches" : [ {
        "category" : "product_name",
        "name" : "SUSE Linux",
        "product" : {
          "name" : "SUSE Linux",
          "product_id" : "T002207",
          "product_identification_helper" : {
            "cpe" : "cpe:/o:suse:suse_linux:-"
          }
        }
      } ],
      "category" : "vendor",
      "name" : "SUSE"
    }, {
      "branches" : [ {
        "category" : "product_name",
        "name" : "Ubuntu Linux",
        "product" : {
          "name" : "Ubuntu Linux",
          "product_id" : "T000126",
          "product_identification_helper" : {
            "cpe" : "cpe:/o:canonical:ubuntu_linux:-"
          }
        }
      } ],
      "category" : "vendor",
      "name" : "Ubuntu"
    } ]
  },
  "vulnerabilities" : [ {
    "cve" : "CVE-2016-10009",
    "product_status" : {
      "known_affected" : [ "8223", "67646", "4035", "T049460", "T034583", "5094", "T049804", "T049803", "T014381", "T002207", "T000126", "398363", "T049459", "T004571" ]
    },
    "release_date" : "2016-12-19T23:00:00.000+00:00",
    "title" : "CVE-2016-10009"
  }, {
    "cve" : "CVE-2016-10010",
    "product_status" : {
      "known_affected" : [ "T049804", "8223", "T049803", "T014381", "T002207", "4035", "T000126", "T049460", "T034583", "398363", "T049459" ]
    },
    "release_date" : "2016-12-19T23:00:00.000+00:00",
    "title" : "CVE-2016-10010"
  }, {
    "cve" : "CVE-2016-10011",
    "product_status" : {
      "known_affected" : [ "T049804", "8223", "T049803", "T014381", "T002207", "67646", "T000126", "T049460", "T034583", "398363", "T049459" ]
    },
    "release_date" : "2016-12-19T23:00:00.000+00:00",
    "title" : "CVE-2016-10011"
  }, {
    "cve" : "CVE-2016-10012",
    "product_status" : {
      "known_affected" : [ "T049804", "8223", "T049803", "T014381", "T002207", "67646", "T000126", "T049460", "T034583", "398363", "T049459" ]
    },
    "release_date" : "2016-12-19T23:00:00.000+00:00",
    "title" : "CVE-2016-10012"
  }, {
    "product_status" : {
      "known_affected" : [ "8223", "67646", "4035", "T049460", "7654", "T034583", "5094", "T012790", "T049804", "T049803", "T014381", "T002207", "T000126", "5930", "398363", "T049459", "T004571" ]
    },
    "release_date" : "2016-12-20T23:00:00.000+00:00"
  }, {
    "product_status" : {
      "known_affected" : [ "T049804", "8223", "T049803", "T014381", "T002207", "T000126", "T049460", "T034583", "398363", "T049459" ]
    },
    "release_date" : "2016-12-20T23:00:00.000+00:00"
  } ]
}