This website uses cookies. By clicking Accept, you consent to the use of cookies. Click Here to learn more about how we use cookies.
Accept
Reject
RUCKUS Self Help |   ASK the Pack
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

P300 vulnerabilities

eugene_herrera
New Contributor

‎07-01-2022 01:13 PM

Hi, 

I have a client with some P300 devices, they work correctly, but the problem is that they are presenting some vulnerabilities in each one of them. For example:

Description

The remote host supports the use of RC4 in one or more cipher suites.
The RC4 cipher is flawed in its generation of a pseudo-random stream of bytes so that a wide variety of small biases are introduced into the stream, decreasing its randomness.

If plaintext is repeatedly encrypted (e.g., HTTP cookies), and an attacker is able to obtain many (i.e., tens of millions) ciphertexts, the attacker may be able to derive the plaintext.
The remote host supports the use of SSL ciphers that offer medium strength encryption. Nessus regards medium strength as any encryption that uses key lengths at least 64 bits and less than 112 bits, or else that uses the 3DES encryption suite.

Note that it is considerably easier to circumvent medium strength encryption if the attacker is on the same physical network.
According to its self-reported version in its banner, Dropbear SSH running on the remote host is prior to 2016.74. It is, therefore, affected by the following vulnerabilities :

  - A format string flaw exists due to improper handling of     string format specifiers (e.g., %s and %x) in usernames     and host arguments. An unauthenticated, remote attacker     can exploit this to execute arbitrary code with root     privileges. (CVE-2016-7406)

  - A flaw exists in dropbearconvert due to improper     handling of specially crafted OpenSSH key files. An     unauthenticated, remote attacker can exploit this to     execute arbitrary code. (CVE-2016-7407)

  - A flaw exists in dbclient when handling the -m or -c     arguments in scripts. An unauthenticated, remote attacker     can exploit this, via a specially crafted script, to     execute arbitrary code. (CVE-2016-7408)

  - A flaw exists in dbclient or dropbear server if they are     compiled with the DEBUG_TRACE option and then run using     the -v switch. A local attacker can exploit this to     disclose process memory. (CVE-2016-7409)
The remote host supports the use of SSL ciphers that offer medium strength encryption. Nessus regards medium strength as any encryption that uses key lengths at least 64 bits and less than 112 bits, or else that uses the 3DES encryption suite.

Note that it is considerably easier to circumvent medium strength encryption if the attacker is on the same physical network.
The remote SSH server is configured to allow key exchange algorithms which are considered weak.

This is based on the IETF draft document Key Exchange (KEX) Method Updates and Recommendations for Secure Shell (SSH) draft-ietf-curdle-ssh-kex-sha2-20. Section 4 lists guidance on key exchange algorithms that SHOULD NOT and MUST NOT be enabled. This includes:

  diffie-hellman-group-exchange-sha1

  diffie-hellman-group1-sha1

  gss-gex-sha1-*

  gss-group1-sha1-*

  gss-group14-sha1-*

  rsa1024-sha1

Note that this plugin only checks for the options of the SSH server, and it does not check for vulnerable software versions.

 

0 Kudos
4 REPLIES 4
Copyright © 2024 Khoros, LLC