Total vulnerabilities in the database
Erlang/OTP is a set of libraries for the Erlang programming language. Prior to versions OTP-27.3.3, OTP-26.2.5.11, and OTP-25.3.2.20, a SSH server may allow an attacker to perform unauthenticated remote code execution (RCE). By exploiting a flaw in SSH protocol message handling, a malicious actor could gain unauthorized access to affected systems and execute arbitrary commands without valid credentials. This issue is patched in versions OTP-27.3.3, OTP-26.2.5.11, and OTP-25.3.2.20. A temporary workaround involves disabling the SSH server or to prevent access via firewall rules.
| Software | From | Fixed in |
|---|---|---|
| erlang / erlang/otp | - | 25.3.2.20 |
| erlang / erlang/otp | 26.0 | 26.2.5.11 |
| erlang / erlang/otp | 27.0 | 27.3.3 |
| cisco / confd_basic | - | 7.7.19.1 |
| cisco / confd_basic | 8.0.18 | 8.1.16.2 |
| cisco / confd_basic | 8.2 | 8.2.11.1 |
| cisco / confd_basic | 8.3 | 8.3.8.1 |
| cisco / confd_basic | 8.4 | 8.4.4.1 |
| cisco / network_services_orchestrator | - | 5.7.19.1 |
| cisco / network_services_orchestrator | 5.8 | 6.1.16.2 |
| cisco / network_services_orchestrator | 6.2 | 6.2.11.1 |
| cisco / network_services_orchestrator | 6.3 | 6.3.8.1 |
| cisco / network_services_orchestrator | 6.4 | 6.4.1.1 |
| cisco / network_services_orchestrator | 6.4.2 | 6.4.4.1 |
| cisco / staros | - | - |
| cisco / smart_phy | - | 25.2 |
| cisco / cloud_native_broadband_network_gateway | - | 2025.03.1 |
| cisco / optical_site_manager | - | 25.2.1 |
| cisco / ncs_2000_shelf_virtualization_orchestrator_firmware | - | 25.1.1 |
| cisco / enterprise_nfv_infrastructure_software | - | 4.18 |
| cisco / ultra_cloud_core | - | 2025.03.1 |