APC Network Management Card 3 - CVE-2008-5161 - SSH CBC Detected

Issue:
A customer reports: "There is a Vulnerability on our NMC3's - CVE-2008-5161"

Product Line:
AP9640 / AP9641

Resolution:

This vulnerability involves cipher block chaining (CBC) ciphers in the SSH protocol, which are no longer considered safe, as announced by Microsoft.

This issue is fixed from v.3.1 onwards. The fix is also documented on page 4 of the attached release notes for version 3.1.1.1, which is the latest version as of the publication of this article.

[Image: part of the table from the 3.1.1.1 release notes showing the fix, which states that the SSH Cipher Block Chaining cipher has been removed]

This is a low-severity vulnerability (see the CVSS v2.0 rating at https://nvd.nist.gov/vuln/detail/CVE-2008-5161), and it can also be easily mitigated by following security best practices such as:

  • Network segmentation
  • Using the NMC's Firewall to limit access to the device.
  • Putting the NMC behind a stateful firewall to limit access to the network where the NMC is installed.
  • Ensuring that all SSH clients are updated (do not use CBC ciphers).

When no SSH cipher is explicitly specified, the NMC3 always uses the strongest cipher available (aes256-ctr mac).
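To confirm that a device no longer offers CBC ciphers after the upgrade, the cipher lists in its SSH key-exchange announcement can be checked. The following added example (not from Schneider Electric or the release notes) parses an SSH_MSG_KEXINIT payload as laid out in RFC 4253 section 7.1 and reports any CBC-mode ciphers. The function names and sample payloads are constructed for illustration, and capturing the payload from a live connection is assumed to be done separately.

```python
import struct

# Name-lists in SSH_MSG_KEXINIT, in wire order (RFC 4253, section 7.1).
FIELDS = [
    "kex_algorithms", "server_host_key_algorithms",
    "encryption_client_to_server", "encryption_server_to_client",
    "mac_client_to_server", "mac_server_to_client",
    "compression_client_to_server", "compression_server_to_client",
    "languages_client_to_server", "languages_server_to_client",
]
SSH_MSG_KEXINIT = 20

def parse_kexinit(payload: bytes) -> dict:
    """Decode a KEXINIT payload (packet framing already removed) into name-lists."""
    if len(payload) < 17 or payload[0] != SSH_MSG_KEXINIT:
        raise ValueError("not an SSH_MSG_KEXINIT payload")
    offset, lists = 17, {}  # skip 1-byte message type and 16-byte cookie
    for field in FIELDS:
        if offset + 4 > len(payload):
            raise ValueError("truncated name-list length")
        (length,) = struct.unpack_from(">I", payload, offset)
        offset += 4
        if offset + length > len(payload):
            raise ValueError("truncated name-list")
        raw = payload[offset:offset + length].decode("ascii")
        lists[field] = raw.split(",") if raw else []
        offset += length
    return lists

def cbc_ciphers(lists: dict) -> list:
    """Return every CBC-mode cipher the peer offers, in either direction."""
    offered = lists["encryption_client_to_server"] + lists["encryption_server_to_client"]
    # Substring match also catches names such as rijndael-cbc@lysator.liu.se.
    return sorted({name for name in offered if "-cbc" in name})

def build_kexinit(ciphers: str) -> bytes:
    """Constructed sample payload; every value except the ciphers is a placeholder."""
    names = ["curve25519-sha256", "ssh-ed25519", ciphers, ciphers,
             "hmac-sha2-256", "hmac-sha2-256", "none", "none", "", ""]
    body = b"".join(struct.pack(">I", len(n)) + n.encode("ascii") for n in names)
    # Trailer: first_kex_packet_follows = 0 and the reserved uint32 = 0.
    return bytes([SSH_MSG_KEXINIT]) + bytes(16) + body + b"\x00" + struct.pack(">I", 0)

if __name__ == "__main__":
    for label, ciphers in [("CBC still offered", "aes256-ctr,aes128-cbc,3des-cbc"),
                           ("CBC removed", "aes256-ctr,aes128-ctr")]:
        found = cbc_ciphers(parse_kexinit(build_kexinit(ciphers)))
        print(f"{label}: {found or 'no CBC ciphers offered'}")
```

An empty result from `cbc_ciphers` means the peer offered no CBC-mode cipher in either direction.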

If you need any clarification, please feel free to contact us at 1-800-800-4272 or chat with our technical support representatives.

    Schneider Electric Philippines
