PT-2017-16417 · Rapid7+1 · Rapid7 Nexpose+1

Liam Somerville · Published 2017-06-06 · Updated 2019-10-09 · CVE-2017-5243

CVSS v3.1: 8.5 (High)

Vector: AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions: Rapid7 Nexpose hardware appliances versions prior to June 2017

Description: The default SSH configuration does not specify desired algorithms for key exchange and other important functions, allowing all algorithms supported by the relevant version of OpenSSH. This makes the installations vulnerable to man-in-the-middle (MITM), downgrade, and decryption attacks.

Recommendations: For Rapid7 Nexpose hardware appliances versions prior to June 2017, consider updating the SSH configuration to specify desired algorithms for key exchange and other important functions to prevent MITM, downgrade, and decryption attacks.
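A check in the spirit of the recommendation above, as an added example that is not part of the original advisory or any Rapid7 tooling: it reads the global section of an sshd_config and reports, for the OpenSSH keywords KexAlgorithms, Ciphers, MACs and HostKeyAlgorithms, whether each is absent, only edits the default set (a `+`, `-` or `^` prefix), or is a fixed list. The function names and the sample configuration are constructed; the algorithm names in the sample stand in for whatever list the operator chooses and are not a recommendation from this page.

```python
import re

# OpenSSH sshd_config keywords that select the negotiated algorithms.
ALGO_KEYWORDS = ("kexalgorithms", "ciphers", "macs", "hostkeyalgorithms")
# Keyword and value are separated by whitespace or by a single '='.
LINE_RE = re.compile(r"^(\w+)(?:\s*=\s*|\s+)(.+)$")

def audit_sshd_config(text):
    """Map each algorithm keyword to 'unset', 'relative' or 'explicit'."""
    first_value = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue  # blank line or comment
        m = LINE_RE.match(line)
        if not m:
            continue
        keyword, value = m.group(1).lower(), m.group(2).strip().strip('"')
        if keyword == "match":
            break  # conditional blocks follow; audit global settings only
        # sshd keeps the first value it reads for a keyword.
        first_value.setdefault(keyword, value)
    report = {}
    for kw in ALGO_KEYWORDS:
        value = first_value.get(kw)
        if value is None:
            report[kw] = "unset"      # the build's default set applies
        elif value.startswith(("+", "-", "^")):
            report[kw] = "relative"   # edits the default set, no fixed list
        else:
            report[kw] = "explicit"   # fixed allow-list
    return report

def needs_attention(text):
    """Keywords whose algorithm set still depends on the OpenSSH defaults."""
    return sorted(k for k, s in audit_sshd_config(text).items() if s != "explicit")

# Constructed sshd_config fragment, for illustration only.
SAMPLE = """\
Port 22
Ciphers aes256-gcm@openssh.com,chacha20-poly1305@openssh.com
ciphers 3des-cbc
MACs=+hmac-sha2-512
#KexAlgorithms curve25519-sha256
Match User backup
    PasswordAuthentication no
"""

if __name__ == "__main__":
    print(needs_attention(SAMPLE))
```

A keyword reported as `relative` or `unset` still follows the defaults of the installed OpenSSH version, which is the condition the description above warns about.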

Fix

Use of a Broken Cryptographic Algorithm


Weakness Enumeration

Related identifiers

CVE-2017-5243

Affected products

Openssh
Rapid7 Nexpose