Summary
Erlang/OTP is a set of libraries for the Erlang programming language. In some versions of Erlang/OTP, an SSH server may allow an attacker to perform unauthenticated remote code execution (RCE). By exploiting a flaw in SSH protocol message handling, a malicious actor could gain unauthorized access to affected systems and execute arbitrary commands without valid credentials. A temporary workaround involves disabling the SSH server or preventing access via firewall rules.
Products Potentially Affected
| OS/Product | Exposure |
|---|---|
| ExtremeCloud Orchestrator (XCO/EFA) | Yes |
Repair Recommendations
Please see the full security advisory article here for more details and future updates.