This article outlines the impact of the recent OpenSSH Vulnerability: CVE-2024-6387 on Blancco products and provides guidance for our customers to ensure their systems are secure. This information is crucial for our customers to understand the necessary steps to mitigate any potential issues.

  1. Blancco Drive Eraser (BDE)
    • Status: Potentially affected.
    • Details: The SSH connection based on the OpenSSH library is disabled by default. Customers must manually enable it using the Blancco Configuration Tool or through the Blancco Drive Eraser UI under the settings. If enabled, it is recommended to ensure OpenSSH is updated to the latest version to avoid vulnerabilities. At the moment our Development team is working on patch release BDE 7.13 to update OpenSSH, and we will update this article with release data as the release approaches.
    • Action: Don’t enable SSH until the new BDE 7.13 is released.
  2. Blancco Management Portal (BMP)
    • Status: Not affected.
    • Details: BMP does not utilize OpenSSH.
    • Action: No action is required.
  3. Cloud.blancco.com
    • Status: Patched.
    • Details: The cloud service was patched in June to address OpenSSH vulnerabilities.
    • Action: No action is required.
  4. On-Premise Blancco Management Console (BMC)
    • Status: Potentially affected.
    • Details: We do not provide an operating system for BMC installations. Customers are responsible for installing Linux or Windows operating systems for BMC, which may include vulnerable OpenSSH versions.
    • Action: Customers should ensure their operating systems are updated to the latest version to mitigate any security risks.
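
For item 4, the following is an added example (not Blancco code) of how a customer could triage the OpenSSH version reported on a Linux host running BMC, for instance from `ssh -V 2>&1`. It uses the upstream OpenSSH ranges for CVE-2024-6387 (8.5p1 through 9.7p1, and releases before 4.4p1); the function name `classify_openssh` and the sample banners are constructed for illustration.

```shell
#!/bin/sh
# Added example: classify an OpenSSH version banner against the upstream
# affected ranges for CVE-2024-6387. A hit only means "check further":
# distributions often backport the fix without changing the upstream
# version string, so confirm against the vendor's security advisory.

# classify_openssh "<banner>" prints one of:
#   affected-range | pre-4.4 | outside-range | unknown
classify_openssh() {
    # Extract "major minor" from e.g. "OpenSSH_9.6p1 Ubuntu-3ubuntu13, ..."
    ver=$(printf '%s\n' "$1" |
        sed -n 's/.*OpenSSH_\([0-9][0-9]*\)\.\([0-9][0-9]*\).*/\1 \2/p')
    [ -n "$ver" ] || { echo unknown; return; }
    set -- $ver
    n=$(( $1 * 100 + $2 ))      # 9.6 -> 906, 8.5 -> 805
    if [ "$n" -lt 404 ]; then
        echo pre-4.4            # affected unless patched for the 2006 bug
    elif [ "$n" -ge 805 ] && [ "$n" -le 907 ]; then
        echo affected-range     # 8.5p1 .. 9.7p1 upstream
    else
        echo outside-range      # 4.4p1 .. 8.4p1, or 9.8p1 and later
    fi
}

# Constructed sample banners (not taken from any real host).
for banner in \
    "OpenSSH_9.6p1 Ubuntu-3ubuntu13, OpenSSL 3.0.13 30 Jan 2024" \
    "OpenSSH_8.4p1 Debian-5, OpenSSL 1.1.1n" \
    "OpenSSH_9.8p1, OpenSSL 3.3.1" \
    "OpenSSH_4.3p2"
do
    printf '%-16s %s\n' "$(classify_openssh "$banner")" "$banner"
done
```
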