Is SRA/SMA appliance vulnerable to CVE-2016-2183 and CVE-2016-5195?

Description

Is SRA appliance vulnerable to CVE-2016-2183 and CVE-2016-5195?

CVE-2016-5195, also known as Dirty Cow, is a privilege escalation vulnerability in the Linux kernel.

CVE-2016-2183: The DES and Triple DES ciphers, as used in the TLS, SSH, and IPSec protocols and other protocols and products, have a birthday bound of approximately four billion blocks, which makes it easier for remote attackers to obtain cleartext data via a birthday attack against a long-duration encrypted session, as demonstrated by an HTTPS session using Triple DES in CBC mode, aka a "Sweet32" attack.

Resolution

For CVE-2016-2183, DES support was disabled by default in 8.1.0.2 and later, so SRA/SMA should not be vulnerable. OpenSSL is further updated in the upcoming patches (8.1.0.6 and 8.5.0.3).
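The following Python is an added defensive check, not code from this article or from SonicWall. It ties the "approximately four billion blocks" figure above to the 64-bit block size of DES/3DES (the birthday bound is 2^32 blocks, i.e. 32 GiB under one key), flags any 64-bit-block suites in a cipher list such as a scanner would report for an endpoint, and shows an OpenSSL cipher string that excludes DES and 3DES as the resolution describes. The sample suite list and the policy string are constructed for illustration.

```python
"""Sweet32 (CVE-2016-2183) exposure check: flag 64-bit-block cipher suites
and compute the birthday bound the advisory refers to.  Added example, not
SonicWall code; the suite list below is constructed for illustration."""
import re
import ssl

# Block size in bits keyed by the cipher name fragment OpenSSL puts in the
# suite name.  DES, 3DES, IDEA and RC2 use 64-bit blocks; AES, Camellia,
# ARIA and SEED use 128-bit blocks.  Stream ciphers (RC4) and ChaCha20 have
# no block size and are not subject to a block-collision birthday bound.
_BLOCK_BITS = [
    (re.compile(r"DES|IDEA|RC2"), 64),            # "DES" also matches "DES-CBC3"
    (re.compile(r"AES|CAMELLIA|ARIA|SEED"), 128),
]


def block_size_bits(suite_name: str):
    """Return the cipher's block size in bits, or None for stream/AEAD-only ciphers."""
    for pattern, bits in _BLOCK_BITS:
        if pattern.search(suite_name.upper()):
            return bits
    return None


def birthday_bound_blocks(block_bits: int) -> int:
    """Blocks after which a ciphertext-block collision becomes likely: 2^(n/2)."""
    return 2 ** (block_bits // 2)


def birthday_bound_bytes(block_bits: int) -> int:
    """The same bound expressed as bytes of traffic encrypted under one key."""
    return birthday_bound_blocks(block_bits) * (block_bits // 8)


def sweet32_suites(suite_names):
    """Return the suites in `suite_names` that use a 64-bit block cipher."""
    return [s for s in suite_names if block_size_bits(s) == 64]


def hardened_context() -> ssl.SSLContext:
    """Context with DES and 3DES excluded (assumed policy string, not SonicWall's)."""
    ctx = ssl.create_default_context()
    ctx.set_ciphers("HIGH:!3DES:!DES:!RC4:!aNULL:!MD5")
    return ctx


def context_sweet32_suites(ctx: ssl.SSLContext):
    """Suites the context would still offer that are subject to Sweet32."""
    return sweet32_suites(c["name"] for c in ctx.get_ciphers())


# Constructed sample: the cipher list a scanner might report for a TLS endpoint.
SAMPLE_OFFERED = [
    "ECDHE-RSA-AES256-GCM-SHA384",
    "ECDHE-RSA-CHACHA20-POLY1305",
    "ECDHE-RSA-DES-CBC3-SHA",
    "DES-CBC3-SHA",
    "AES128-SHA",
]

if __name__ == "__main__":
    gib = birthday_bound_bytes(64) / 2 ** 30
    print(f"64-bit block: collision expected after ~{birthday_bound_blocks(64):,} "
          f"blocks (~{gib:.0f} GiB) under one key")
    print("Sweet32-affected suites offered:", sweet32_suites(SAMPLE_OFFERED))
    print("Still offered after hardening:", context_sweet32_suites(hardened_context()))
```

Run it against a real cipher list by replacing `SAMPLE_OFFERED` with the suites your scanner reports; any 3DES suite that remains means the endpoint still depends on session length (well under 32 GiB) for its safety margin rather than on the cipher policy.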

As for CVE-2016-5195, the SRA/SMA Series products are not vulnerable because there are no Linux local user accounts on these systems and arbitrary code execution is not allowed. The kernel patch for CVE-2016-5195 will be integrated into all active firmware branches as part of our normal development process.
