APC Network Management Card 3 - CVE-2008-5161 - SSH CBC Detected
Issue:
A customer reports : "There is a Vulnerability on our NMC3's - CVE-2008-5161"
Product Line:
AP9640 / AP9641
Resolution:
This vulnerability involves cipher block chaining (CBC) on the SSH protocol which is considered no longer safe as announced by Microsoft.
This issue is now fixed from v.3.1 onwards. This is also written on page 4 of the attached release notes from version 3.1.1.1 which is the latest version as of the publication of this article.
Aside from being a low-severity vulnerability (see CVSS v2.0 rating at https://nvd.nist.gov/vuln/detail/CVE-2008-5161), actions can be done to easily mitigate this, by following the security best practices such as:
- Network segmentation
- Using the NMC's Firewall to limit access to the device.
- Putting the NMC behind a stateful firewall to limit access to the network where the NMC is installed.
- Ensuring that all SSH clients are updated (do not use CBC ciphers).
By not defining which SSH cipher to use, the NMC3 always uses the strongest cipher available (aes256-ctr mac).
If you have any clarifications, please feel free to contact us at 1-800-800-4272 or chat with our technical support representatives.
發佈於: 施耐德電機Taiwan
需要協助?
產品選型工具
快速輕鬆地為您的應用找到合適的產品和附件。
取得報價
立即線上提交您的銷售需求,專業團隊將主動聯繫您。
購買地點
輕鬆在您所在地區找到最近的施耐德電機經銷商。
支援中心
在同一位置找到滿足您所有需求的支援資源。