Who rated this post

cancel
Showing results for 
Search instead for 
Did you mean: 
Tomer_Noy
Employee
Employee

Just to clarify, the originally released HF fixed the CVE vulnerability for the Remote Access portal.

After releasing that HF, we found that cccd process was not patched, therefore instructed people to deactivate cccd if their configuration allows potential use of the vulnerability (and we include that statement in the script output). Remember that cccd is off-by-default, but we wanted to be extra careful in case someone activated it manually.

The JHFs that we recently released include a fix / patch for cccd as well. That's why when using JHFs it's no longer important to deactivate cccd and we don't warn that it's vulnerable in the script.

(1)
Who rated this post