NewStart CGSL MAIN 7.02 : openssh Multiple Vulnerabilities (NS-SA-2025-0124)

Severity: Critical | Nessus Plugin ID 242758

Synopsis

The remote NewStart CGSL host is affected by multiple vulnerabilities.

Description

The remote NewStart CGSL host, running version MAIN 7.02, has openssh packages installed that are affected by multiple vulnerabilities:

- A race condition in sshd affecting versions between 8.5p1 and 9.7p1 (inclusive) may allow arbitrary code execution with root privileges. Successful exploitation has been demonstrated on 32-bit Linux/glibc systems with ASLR. According to OpenSSH, the attack has been tested under lab conditions and requires on average 6-8 hours of continuous connections up to the maximum the server will accept. Exploitation on 64-bit systems is believed to be possible but has not been demonstrated at this time. (CVE-2024-6387)

- A security regression (CVE-2006-5051) was discovered in OpenSSH's server (sshd). There is a race condition which can lead sshd to handle some signals in an unsafe manner. An unauthenticated, remote attacker may be able to trigger it by failing to authenticate within a set time period. (CVE-2024-6387)

- The PKCS#11 feature in ssh-agent in OpenSSH before 9.3p2 has an insufficiently trustworthy search path, leading to remote code execution if an agent is forwarded to an attacker-controlled system. (Code in /usr/lib is not necessarily safe for loading into ssh-agent.) NOTE: this issue exists because of an incomplete fix for CVE-2016-10009. (CVE-2023-38408)

- OpenSSH server (sshd) 9.1 introduced a double-free vulnerability during options.kex_algorithms handling. This is fixed in OpenSSH 9.2. The double free can be leveraged, by an unauthenticated remote attacker in the default configuration, to jump to any location in the sshd address space. One third-party report states remote code execution is theoretically possible. (CVE-2023-25136)

- In ssh-agent in OpenSSH before 9.6, certain destination constraints can be incompletely applied. When destination constraints are specified during addition of PKCS#11-hosted private keys, these constraints are only applied to the first key, even if a PKCS#11 token returns multiple keys. (CVE-2023-51384)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

Solution

Upgrade the vulnerable CGSL openssh packages. Note that updated packages may not be available yet. Please contact ZTE for more information.

See Also

https://security.gd-linux.com/notice/NS-SA-2025-0124

https://security.gd-linux.com/info/CVE-2023-25136

https://security.gd-linux.com/info/CVE-2023-38408

https://security.gd-linux.com/info/CVE-2023-51384

https://security.gd-linux.com/info/CVE-2023-51385

https://security.gd-linux.com/info/CVE-2024-6387

https://security.gd-linux.com/info/CVE-2025-26465

https://security.gd-linux.com/info/CVE-2025-32728

Plugin Details

Severity: Critical

ID: 242758

File Name: newstart_cgsl_NS-SA-2025-0124_openssh.nasl

Version: 1.1

Type: local

Published: 7/25/2025

Updated: 7/25/2025

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: Critical

Score: 9.0

CVSS v2

Risk Factor: High

Base Score: 7.6

Temporal Score: 6

Vector: CVSS2#AV:N/AC:H/Au:N/C:C/I:C/A:C

CVSS Score Source: CVE-2024-6387

CVSS v3

Risk Factor: Critical

Base Score: 9.8

Temporal Score: 8.8

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Temporal Vector: CVSS:3.0/E:P/RL:O/RC:C

CVSS Score Source: CVE-2023-38408

CVSS v4

Risk Factor: Critical

Base Score: 9.2

Threat Score: 8.2

Threat Vector: CVSS:4.0/E:P

Vector: CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

Vulnerability Information

CPE: p-cpe:/a:zte:cgsl_main:openssh-clients, p-cpe:/a:zte:cgsl_main:openssh-server, p-cpe:/a:zte:cgsl_main:openssh-core, p-cpe:/a:zte:cgsl_main:openssh, p-cpe:/a:zte:cgsl_main:openssh-askpass, cpe:/o:zte:cgsl_main:7, p-cpe:/a:zte:cgsl_main:openssh-clients-core, p-cpe:/a:zte:cgsl_main:openssh-server-core

Required KB Items: Host/local_checks_enabled, Host/ZTE-CGSL/release, Host/ZTE-CGSL/rpm-list, Host/cpu

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 7/25/2025

Vulnerability Publication Date: 2/3/2023

Reference Information

CVE: CVE-2023-25136, CVE-2023-38408, CVE-2023-51384, CVE-2023-51385, CVE-2024-6387, CVE-2025-26465, CVE-2025-32728

IAVA: 2023-A-0073-S, 2023-A-0377-S, 2023-A-0701-S, 2024-A-0375-S, 2025-A-0126-S, 2025-A-0258