Is the SRA/SMA appliance vulnerable to CVE-2016-2183 and CVE-2016-5195?
03/26/2020
CVE-2016-5195, also known as Dirty COW, is a privilege escalation vulnerability in the Linux kernel.
CVE-2016-2183: The DES and Triple DES ciphers, as used in the TLS, SSH, and IPsec protocols and other protocols and products, have a birthday bound of approximately four billion blocks, which makes it easier for remote attackers to obtain cleartext data via a birthday attack against a long-duration encrypted session, as demonstrated by an HTTPS session using Triple DES in CBC mode, aka a "Sweet32" attack.
For CVE-2016-2183, DES support was disabled by default with 18.104.22.168 and later, so SRA/SMA should not be vulnerable. OpenSSL is further updated in the upcoming patches (22.214.171.124 and 126.96.36.199).
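Sweet32 concerns any suite whose bulk cipher has a 64-bit block, so the practical check on an appliance's (or a client's) TLS configuration is to flag such suites in the configured cipher list and relate them to the data volume at which a collision becomes likely. The following Python is an added example, not SonicWall code or output from an SRA/SMA appliance; the cipher names it audits are constructed samples.

```python
"""Audit a TLS cipher list for Sweet32 (CVE-2016-2183) exposure.

Sweet32 affects bulk ciphers with a 64-bit block (DES, 3DES, IDEA, RC2):
after roughly 2**32 blocks in one session a ciphertext-block collision is
expected, which leaks plaintext XORs in CBC mode.  Added example, not
SonicWall code; the cipher names below are constructed samples.
"""
import re

# Checked in order: the 3DES rule must run before the plain DES rule.
CIPHER_RULES = [
    (r"3DES|DES[-_]CBC3|DES[-_]EDE", "3DES", 64),
    (r"DES", "DES", 64),
    (r"IDEA", "IDEA", 64),
    (r"RC2", "RC2", 64),
    (r"AES|CAMELLIA|ARIA|SEED", "128-bit block cipher", 128),
    (r"CHACHA20|RC4", "stream cipher", None),
]

def classify(suite):
    """Map a suite name (OpenSSL or IANA style) to (cipher family, block bits).
    Block bits is None for stream ciphers and for names no rule recognises."""
    name = suite.upper()
    for pattern, family, bits in CIPHER_RULES:
        if re.search(pattern, name):
            return family, bits
    return "unknown", None

def sweet32_bound_bytes(block_bits):
    """Bytes of traffic in one session at which a collision becomes likely:
    the birthday bound of 2**(n/2) blocks of n/8 bytes each (64-bit -> 32 GiB)."""
    return (1 << (block_bits // 2)) * (block_bits // 8)

def audit_cipher_list(suites):
    """Return (suite, family, bound_bytes) for every suite on a 64-bit block cipher."""
    findings = []
    for suite in suites:
        family, bits = classify(suite)
        if bits is not None and bits <= 64:
            findings.append((suite, family, sweet32_bound_bytes(bits)))
    return findings

def parse_cipher_string(cipher_string):
    """Split an OpenSSL-style 'A:B:C' cipher string into suite names."""
    return [s for s in cipher_string.split(":") if s]

# Constructed sample, not the cipher list of any real appliance.
SAMPLE_CIPHERS = ("ECDHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-CHACHA20-POLY1305:"
                  "DES-CBC3-SHA:TLS_RSA_WITH_3DES_EDE_CBC_SHA:TLS_RSA_WITH_DES_CBC_SHA")

if __name__ == "__main__":
    for suite, family, bound in audit_cipher_list(parse_cipher_string(SAMPLE_CIPHERS)):
        print(f"{suite}: {family}, collision likely after ~{bound / 2**30:.0f} GiB in one session")
```

A suite that the audit flags should be removed from the cipher string entirely rather than kept behind a per-session data limit, since the limit is easy to exceed on a long-lived VPN session.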
As for CVE-2016-5195, the SRA/SMA Series products are not vulnerable because there are no Linux local user accounts on these systems and arbitrary code execution is not allowed. The kernel patch for CVE-2016-5195 will be integrated into all active firmware branches as part of our normal development process.