PT-2017-16417 · Rapid7 · Rapid7 Nexpose

Liam Somerville · Published 2017-06-06 · Updated 2019-10-09 · CVE-2017-5243

CVSS v3.1: 8.5 (High)
Vector: AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions
Rapid7 Nexpose hardware appliances versions prior to June 2017

Description
The default SSH configuration does not specify desired algorithms for key exchange and other important functions, allowing all algorithms supported by the relevant version of OpenSSH. This makes the installations vulnerable to man-in-the-middle (MITM), downgrade, and decryption attacks.

Recommendations
For Rapid7 Nexpose hardware appliances versions prior to June 2017, consider updating the SSH configuration to specify desired algorithms for key exchange and other important functions to prevent MITM, downgrade, and decryption attacks.
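The recommendation above amounts to pinning the algorithm-selection directives in sshd_config rather than inheriting whatever the installed OpenSSH build offers. The script below is an added example, not the advisory's or Rapid7's own code: it audits a config file for the four OpenSSH directives that control this (KexAlgorithms, HostKeyAlgorithms, Ciphers, MACs are real sshd_config keywords), flags a few well-known legacy algorithm names, and runs itself against three constructed sample configs. The function names, the sample configs and the specific algorithm lists are illustrative choices made here, not the vendor's fix.

```shell
#!/bin/sh
# Added example (not from the advisory or Rapid7): audit an sshd_config for the
# explicit algorithm directives whose absence this advisory describes.
# The directive names are real OpenSSH keywords; the algorithm lists and the
# sample configs below are constructed for illustration.

# Return 0 if every algorithm-selection directive is set in the given file,
# 1 otherwise. Each missing directive is printed on its own line.
audit_sshd_config() {
    file="$1"
    missing=0
    for directive in KexAlgorithms HostKeyAlgorithms Ciphers MACs; do
        # Only an uncommented directive at the start of a line counts.
        if ! grep -Eiq "^[[:space:]]*${directive}[[:space:]]" "$file"; then
            echo "missing: $directive"
            missing=1
        fi
    done
    return $missing
}

# Return 0 if no uncommented line references one of a small, constructed list
# of legacy algorithms, 1 otherwise. Pinning a list is not enough on its own
# if the pinned list still contains broken algorithms.
check_legacy_algorithms() {
    file="$1"
    if grep -Ev '^[[:space:]]*#' "$file" \
        | grep -Eiq 'diffie-hellman-group1-sha1|arcfour|hmac-md5|3des-cbc|ssh-dss'; then
        echo "legacy algorithm referenced in $file"
        return 1
    fi
    return 0
}

WORKDIR="${TMPDIR:-/tmp}/sshd-audit.$$"
mkdir -p "$WORKDIR"
trap 'rm -rf "$WORKDIR"' EXIT

# Constructed "before" config: nothing restricts the algorithm set, so every
# algorithm the running OpenSSH supports is offered (the advisory's condition).
cat > "$WORKDIR/default_sshd_config" <<'EOF'
Port 22
Protocol 2
PermitRootLogin no
EOF

# Constructed "after" config: each directive pinned to an explicit allow-list.
cat > "$WORKDIR/hardened_sshd_config" <<'EOF'
Port 22
Protocol 2
PermitRootLogin no
KexAlgorithms curve25519-sha256,curve25519-sha256@libssh.org,diffie-hellman-group16-sha512
HostKeyAlgorithms ssh-ed25519,rsa-sha2-512,rsa-sha2-256
Ciphers chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com
MACs hmac-sha2-512-etm@openssh.com,hmac-sha2-256-etm@openssh.com
EOF

# Constructed config that pins every directive but still lists legacy
# algorithms: passes the presence check, fails the legacy check.
cat > "$WORKDIR/legacy_sshd_config" <<'EOF'
KexAlgorithms diffie-hellman-group1-sha1,curve25519-sha256
HostKeyAlgorithms ssh-dss,ssh-ed25519
Ciphers 3des-cbc,aes128-ctr
MACs hmac-md5,hmac-sha2-256
EOF

# Run both checks over each sample and print a verdict per file.
for cfg in "$WORKDIR/default_sshd_config" "$WORKDIR/hardened_sshd_config" "$WORKDIR/legacy_sshd_config"; do
    echo "== $cfg"
    if audit_sshd_config "$cfg" && check_legacy_algorithms "$cfg"; then
        echo "OK: explicit, non-legacy algorithm lists present"
    else
        echo "FAIL: algorithm selection left to OpenSSH defaults or includes legacy algorithms"
    fi
done
```

On a live host the audit should be run against the effective configuration rather than the file alone; `sshd -T` (OpenSSH's extended test mode) prints the resolved settings, including the algorithm lists the daemon will actually offer, which also catches directives overridden by an Include or Match block.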

Fix

Weakness Enumeration
Use of a Broken Cryptographic Algorithm

Related Identifiers
CVE-2017-5243

Affected Products
Openssh
Rapid7 Nexpose