CVE-2017-5243

Published: Jun 6, 2017

Modified: Aug 5, 2024

PUBLISHED

Description

The default SSH configuration in Rapid7 Nexpose hardware appliances shipped before June 2017 does not specify desired algorithms for key exchange and other important functions. As a result, it falls back to allowing ALL algorithms supported by the relevant version of OpenSSH and makes the installations vulnerable to a range of MITM, downgrade, and decryption attacks.
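One way to check an `sshd_config` for the condition described above, as an added example that is not part of the original advisory or Rapid7's own tooling. It assumes that `Ciphers` and `MACs` are among the "other important functions", does not follow `Include` files, and uses constructed sample configurations with illustrative algorithm lists.

```python
import re

# sshd_config keywords that pin algorithm choices. Treating Ciphers and MACs
# as the advisory's "other important functions" is an assumption of this example.
REQUIRED = ("KexAlgorithms", "Ciphers", "MACs")

def global_directives(text):
    """Map lowercased keyword -> value for lines before the first Match block.
    sshd keywords are case-insensitive and the first occurrence wins."""
    found = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue  # blank line or comment: a commented-out directive sets nothing
        parts = re.split(r"[ \t=]+", line, maxsplit=1)
        if parts[0].lower() == "match":
            break  # later lines are conditional overrides, not global settings
        found.setdefault(parts[0].lower(), parts[1].strip() if len(parts) > 1 else "")
    return found

def audit(text):
    """Return {keyword: 'missing' | 'relative' | 'pinned'} for each REQUIRED keyword."""
    conf = global_directives(text)
    report = {}
    for name in REQUIRED:
        value = conf.get(name.lower(), "")
        if not value:
            report[name] = "missing"   # sshd uses its built-in default list
        elif value[0] in "+-^":
            report[name] = "relative"  # edits the built-in list, does not replace it
        else:
            report[name] = "pinned"    # explicit list chosen by the administrator
    return report

# Constructed sample inputs (not taken from any appliance).
UNPINNED = """\
Port 22
#Ciphers aes128-ctr
MACs +hmac-sha1
"""
PINNED = """\
kexalgorithms curve25519-sha256@libssh.org
Ciphers chacha20-poly1305@openssh.com,aes256-gcm@openssh.com
MACs=hmac-sha2-512-etm@openssh.com
"""

if __name__ == "__main__":
    for label, sample in (("unpinned", UNPINNED), ("pinned", PINNED)):
        print(label, audit(sample))
```

A result of `missing` or `relative` means the server still depends on the default algorithm list of the installed OpenSSH version, which is the fallback the description refers to.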

Vendor: Rapid7

Product: Nexpose hardware appliance

Versions: affected: All Nexpose hardware appliances shipped before June 2017.

Weaknesses (CWE)
