Symptoms
A PCI scan of a cPanel server reports that OpenSSH is vulnerable to CVE-2021-41617.
Description
PCI scans detect vulnerabilities in the operating system or other software, usually by matching the version string a service reports against a list of affected versions. Because Red Hat backports security fixes into existing package versions without changing the upstream version number, many such findings are false matches on updated systems.
Workaround
Report this as a false match to the PCI vendor. See the below article for more details on reporting false matches.
CVE-2021-41617 concerns sshd running an AuthorizedKeysCommand or AuthorizedPrincipalsCommand as a different user without first initializing that user's supplemental groups, so the command inherits the groups sshd was started with. It is therefore only reachable when one of those two directives is configured, and neither is enabled by default in the OpenSSH packages shipped with Red Hat Enterprise Linux 7 and 8. A server that has enabled either directive (for example, to fetch keys from a central service) should not treat the finding as a false match until the package is updated.
Statement from Red Hat:
Neither the AuthorizedKeysCommand directive nor AuthorizedPrincipalsCommand are enabled by default in the versions of OpenSSH as shipped with Red Hat Enterprise Linux 7 and 8.
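The following check is an added example, not part of this article or of Red Hat's or cPanel's tooling. It reads the effective sshd configuration (the output of `sshd -T`, which must be run as root) and reports whether either of the two directives named above is configured; the sample dumps and the `/usr/local/bin/fetch-keys` path are constructed for illustration.

```sh
#!/bin/sh
# Added example, not from the cPanel article or from Red Hat.
# CVE-2021-41617 is only reachable when AuthorizedKeysCommand or
# AuthorizedPrincipalsCommand is configured, so a host where `sshd -T`
# shows both as "none" can report the scanner hit as a version match.

# check_cve_2021_41617_exposure DUMP
#   DUMP is the text of `sshd -T`. Returns 0 when neither directive is set,
#   1 when at least one is, printing each configured directive and its value.
check_cve_2021_41617_exposure() {
    dump=$1
    rc=0
    for key in authorizedkeyscommand authorizedprincipalscommand; do
        # sshd -T prints one lowercased keyword per line: "<keyword> <value...>"
        val=$(printf '%s\n' "$dump" |
              awk -v k="$key" '$1 == k { $1 = ""; sub(/^ +/, ""); print; exit }')
        case "$val" in
            ''|none) ;;                                  # unset: not reachable via this directive
            *) printf '%s = %s\n' "$key" "$val"; rc=1 ;; # configured: finding is real until patched
        esac
    done
    return "$rc"
}

# Constructed sample: RHEL-style defaults, both directives unset.
DEFAULT_DUMP='port 22
permitrootlogin yes
authorizedkeyscommand none
authorizedkeyscommanduser none
authorizedprincipalscommand none
authorizedprincipalscommanduser none'

# Constructed sample: keys fetched from a central service (hypothetical helper path).
CUSTOM_DUMP='port 22
authorizedkeyscommand /usr/local/bin/fetch-keys %u %f
authorizedkeyscommanduser nobody
authorizedprincipalscommand none
authorizedprincipalscommanduser none'

if check_cve_2021_41617_exposure "$DEFAULT_DUMP"; then
    echo "DEFAULT_DUMP: neither directive configured; report as false match"
fi
if ! check_cve_2021_41617_exposure "$CUSTOM_DUMP"; then
    echo "CUSTOM_DUMP: directive in use; do not report as false match"
fi

# On the real host: only root can read the host keys that `sshd -T` needs.
if command -v sshd >/dev/null 2>&1 && [ "$(id -u)" -eq 0 ]; then
    if check_cve_2021_41617_exposure "$(sshd -T 2>/dev/null)"; then
        echo "live host: neither directive configured"
    fi
fi
```

Run it as root on the cPanel server; an exit status of 0 with no output means the finding can be reported as a false match with the Red Hat statement attached. Where a vendor has backported the fix, `rpm -q --changelog openssh-server | grep CVE-2021-41617` will show the corresponding changelog entry; an empty result only means no backport is recorded for that package, not that the host is exposed.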