SB2023032416 - Improper handling of exceptional conditions in HPE 6120XG Switches

Security Bulletin ID SB2023032416

Severity

Low

Patch available

NO

Number of vulnerabilities 1

Exploitation vector Remote access

Highest impact Information disclosure

Breakdown by Severity

Low
Medium
High
Critical

Description

This security bulletin contains information about 1 security vulnerability.

1) Improper handling of exceptional conditions (CVE-ID: CVE-2008-5161)

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

Error handling in the SSH protocol in (1) SSH Tectia Client and Server and Connector 4.0 through 4.4.11, 5.0 through 5.2.4, and 5.3 through 5.3.8; Client and Server and ConnectSecure 6.0 through 6.0.4; Server for Linux on IBM System z 6.0.4; Server for IBM z/OS 5.5.1 and earlier, 6.0.0, and 6.0.1; and Client 4.0-J through 4.3.3-J and 4.0-K through 4.3.10-K; and (2) OpenSSH 4.7p1 and possibly other versions, when using a block cipher algorithm in Cipher Block Chaining (CBC) mode, makes it easier for remote attackers to recover certain plaintext data from an arbitrary block of ciphertext in an SSH session via unknown vectors.

Remediation

Cybersecurity Help is not aware of any official remediation provided by the vendor.

References

https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=hpesbnw04204en_us