SolidFire and HCI

HCI IPMI Weak MAC Algorithms

chinchillaking
2,770 Views

Hello,

 

Nessus scan discover CVE-2008-5161 HCI IPMI Weak MAC Algorithms as below, I cannot found below solution from google or NetApp support portal, anyone advise?

 

71049 - SSH Weak MAC Algorithms Enabled
Synopsis
The remote SSH server is configured to allow MD5 and 96-bit MAC algorithms.
Description
The remote SSH server is configured to allow either MD5 or 96-bit MAC algorithms, both of which are
considered weak.
Note that this plugin only checks for the options of the SSH server, and it does not check for vulnerable software
versions.
Solution
Contact the vendor or consult product documentation to disable MD5 and 96-bit MAC algorithms.
Risk Factor
Low

 

 

Best regards,

 

Chung

1 ACCEPTED SOLUTION

pedro_rocha
2,732 Views

Hello,

 

I found this bug: https://mysupport.netapp.com/NOW/cgi-bin/bol?Type=Detail&Display=424122

 

From there:

 

" Certain versions of security scanners might report one or more of the CVEs
listed in the Notes section as vulnerabilities present in the product.
NetApp has assessed the product and determined that it is vulnerable but
that an attack attempt has a low probability of success. Each failure will
cause a connection termination with a fatal error and an attacker would be
required to launch thousands of connection-killing attempts before achieving
a successful result.

This CVE has a CVSS v2 Base Score of 2.6 (LOW) (AV:N/AC:H/Au:N/C:P/I:N/A:N)."

 

There is not workaround and the bug is related to 7-mode systems (which I do not know if it is your case).

 

Regards,

Pedro

View solution in original post

3 REPLIES 3

pedro_rocha
2,733 Views

Hello,

 

I found this bug: https://mysupport.netapp.com/NOW/cgi-bin/bol?Type=Detail&Display=424122

 

From there:

 

" Certain versions of security scanners might report one or more of the CVEs
listed in the Notes section as vulnerabilities present in the product.
NetApp has assessed the product and determined that it is vulnerable but
that an attack attempt has a low probability of success. Each failure will
cause a connection termination with a fatal error and an attacker would be
required to launch thousands of connection-killing attempts before achieving
a successful result.

This CVE has a CVSS v2 Base Score of 2.6 (LOW) (AV:N/AC:H/Au:N/C:P/I:N/A:N)."

 

There is not workaround and the bug is related to 7-mode systems (which I do not know if it is your case).

 

Regards,

Pedro

ddansf
2,720 Views

Please open a support case with the details and support can investigate current state for you.

kryan
2,529 Views

Please post the support case # when it is available.

Public