Search FAQs

APC Network Management Card 3 - CVE-2008-5161 - SSH CBC Detected

Issue:
A customer reports : "There is a Vulnerability on our NMC3's - CVE-2008-5161"

Product Line:
AP9640 / AP9641

Resolution:

This vulnerability involves cipher block chaining (CBC) on the SSH protocol which is considered no longer safe as announced by Microsoft.

This issue is now fixed from v.3.1 onwards. This is also written on page 4 of the attached release notes from version 3.1.1.1 which is the latest version as of the publication of this article.

Shows the part of the table from 3111 Release notes Showing the Fix stating that SSH Cipher Block Chaining cipher has been removed

Aside from being a low-severity vulnerability (see CVSS v2.0 rating at https://nvd.nist.gov/vuln/detail/CVE-2008-5161), actions can be done to easily mitigate this, by following the security best practices such as:

Network segmentation
Using the NMC's Firewall to limit access to the device.
Putting the NMC behind a stateful firewall to limit access to the network where the NMC is installed.
Ensuring that all SSH clients are updated (do not use CBC ciphers).

By not defining which SSH cipher to use, the NMC3 always uses the strongest cipher available (aes256-ctr mac).

If you have any clarifications, please feel free to contact us at 1-800-800-4272 or chat with our technical support representatives.

Released for:APC Vietnam

Published on:7/15/2024Last Modified on:8/23/2024

Product:

AP9640

AP9641

Product:

AP9640

AP9641

Need help?

Support Center

Obtain answers on your own by trying our digital support tools.

Search FAQs

Get answers you need by browsing topic-related Frequently Asked Questions (FAQ).

How to buy?

Easily find the nearest APC Reseller or Distributor in your location.

Find your replacement battery

Find the genuine APC Replacement Battery for your UPS.

Contact Us

Connect with us for help choosing the right product or with troubleshooting and installation.