APC Network Management Card 3 - CVE-2008-5161 - SSH CBC Detected
Issue:
A customer reports : "There is a Vulnerability on our NMC3's - CVE-2008-5161"
Product Line:
AP9640 / AP9641
Resolution:
This vulnerability involves cipher block chaining (CBC) on the SSH protocol which is considered no longer safe as announced by Microsoft.
This issue is now fixed from v.3.1 onwards. This is also written on page 4 of the attached release notes from version 3.1.1.1 which is the latest version as of the publication of this article.
Aside from being a low-severity vulnerability (see CVSS v2.0 rating at https://nvd.nist.gov/vuln/detail/CVE-2008-5161), actions can be done to easily mitigate this, by following the security best practices such as:
- Network segmentation
- Using the NMC's Firewall to limit access to the device.
- Putting the NMC behind a stateful firewall to limit access to the network where the NMC is installed.
- Ensuring that all SSH clients are updated (do not use CBC ciphers).
By not defining which SSH cipher to use, the NMC3 always uses the strongest cipher available (aes256-ctr mac).
If you have any clarifications, please feel free to contact us at 1-800-800-4272 or chat with our technical support representatives.
게시 대상: 슈나이더 일렉트릭 Korea
도움이 필요하신가요?
제품 선택기
애플리케이션에 적합한 제품과 액세서리를 빠르고 쉽게 찾을 수 있습니다.
견적 받기
영업 관련하여 온라인으로 문의하시면 전문가가 연락드립니다.
구매처
해당 지역의 가장 가까운 슈나이더 일렉트릭 대리점을 쉽게 찾을 수 있습니다.
지원 센터
한 곳에서 모든 요구 사항에 대한 지원 리소스를 찾아보십시오.