CVE-2017-5243
N/A
N/A
Summary
The default SSH configuration in Rapid7 Nexpose hardware appliances shipped before June 2017 does not specify desired algorithms for key exchange and other important functions. As a result, it falls back to allowing ALL algorithms supported by the relevant version of OpenSSH and makes the installations vulnerable to a range of MITM, downgrade, and decryption attacks.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| Rapid7 | Nexpose hardware appliance | All Nexpose hardware appliances shipped before June 2017. | affected |
Weaknesses
- CWE-327: CWE-327 (Use of a Broken or Risky Cryptographic Algorithm)
ADP Enrichment
CVE Program Container
Additional References
References
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.