Welcome to Pax8's Trust Center. We earn your trust by doing what we say we'll do and by being transparent with our customers and stakeholders, which is why we've provided our security, compliance, and privacy information in one, easy-to-access site.
Trust thrives in situations where everyone can win together. This is especially important for managed service providers (MSPs), because they are entrusted to protect the critical IT infrastructure and data of their clients. We recognize that our customers can only deliver on their promises when Pax8 operates as a trustworthy partner.
Pax8's security and privacy programs are led by industry veterans with decades of experience: Robb Reck: Chief Trust & Security Officer Carrie Schiff: Chief Legal Officer
We take the usage of AI seriously in our organization and work to ensure security and reliability of the AI.
We follow industry best practices for endpoint security. We are happy to provide more details about our endpoint security practices upon request.
We protect our corporate network against external & internal threats.
This Pax8 Security Advisory is a notification of a potential security threat.
A critical OpenSSH vulnerability requires immediate attention. Remote Code Execution Vulnerabilities are rare but pose a significant threat. The vulnerability has been validated in a lab environment by Qualys and was made public on 1 July 2024. Use this brief window to patch before exploitation begins.
About this Vulnerability
The vulnerability could potentially allow remote code execution on systems accessible over SSH (port 22) as the 'root' user, leading to full system compromise.
Potential Impact
Systems with exposed port 22 are at risk. Attackers could exploit this vulnerability to move laterally within infrastructure, deploy ransomware, or other malicious software.
Recommend Immediate Patching Actions
Pax8 Security team advises patching the following versions of OpenSSH:
- OpenSSH versions before 4.4p1
- OpenSSH versions 8.5p1through but not including 9.8p1
References
If you need help using this Trust Center, please contact us.