NVIDIA 交换机 MSN2100 上的 CVE-2023-48795 漏洞
适用于
- ONTAP9
- NVIDIA MSN2100 集群网络交换机
问题
- 安全扫描报告了 NVIDIA 集群网络交换机 MSN2100 上的漏洞 (CVE-2023-48795):
tcp 22 SSH Terrapin Prefix Truncation Weakness (CVE-2023-48795) Observation: SSH Terrapin Prefix Truncation Weakness (CVE-2023-48795)IP: 10.21.x.xxx Port:22Description: The remote SSH server is vulnerable to a man-in-the-middle prefix truncation weakness known as Terrapin. This can allow a remote, man-in-the-middle attacker to bypass integrity checks and downgrade the connection's security.Note that this plugin only checks for remote SSH servers that support either ChaCha20-Poly1305 or CBC with Encrypt-then-MAC and do not support the strict key exchange countermeasures. It does not check for vulnerable software versions.
Recommendation: Contact the vendor for an update with the strict key exchange countermeasures or disable the affected algorithms. The remote SSH server is vulnerable to a man-in-the-middle prefix truncation weakness known as Terrapin. This can allow a remote, man-in-the-middle attacker to bypass integrity checks and downgrade the connection's security.- 受影响的交换机正在运行 Cumulus Linux 版本 5.4.0