Support on SonicWall Products, Services and Solutions
Browse Knowledgebase by Category
Is the Secure Mobile Access product line vulnerable to CVE-2008-5161?
03/26/2020 5 12804
This article covers CVE-2008-5161 for the Secure Mobile Access (SMA) product line.
CVE-2008-5161, also referred as CPNI-957037 , is a "Plaintext Recovery Attack Against SSH" which is a security flaw allowing man-in-the middle attacks. This bug was fixed since OpenSSH 5.1.
SMA appliances, with the latest supported firmware version, is not affected by CVE-2008-5161. This is due to the OpenSSH protocol being upgraded in the latest SMA software.
Please refer to the SMA product lifecycle page for supported software versions: Product Support - SonicWall Secure Mobile Access
Note: We have upgraded OpenSSH with our latest firmware versions and recommened customers to upgrade to 12.1.0 or later firmware versions.