Cisco Bug: CSCup58251 - Cisco Secure ACS evaluation of CVE-2008-5161

Last Modified

Feb 19, 2019

Products (1)

Cisco Secure Access Control Server Solution Engine

Known Affected Releases

5.5(0.46) 5.5(0.46.10) 5.6(0.15) 5.7(0.1)

Description (partial)

<B>Symptom:</B>
The Cisco Secure ACS includes a version of OpenSSH that is affected by the vulnerabilities identified by the Common Vulnerability and Exposures (CVE) IDs:

CVE-2008-5161

This bug has been opened to address the potential impact on this product.

<B>Conditions:</B>
Access to the Cisco Secure ACS through SSH is enabled.

Related Community Discussions

<key>CSCup58251</key> - Cisco Secure ACS evaluation of CVE-2008-5161 - 2

Hi This is Pankaj and I a running the image 5.8 with patch 8 I want help whether current image is vulnerable for this The SSH server is configured to support Cipher Block Chaining (CBC) encryption & The remote SSH server is configured to allow either MD5 or 96-bit MAC algorithms, both of which are considered weak or not.

Latest activity: Sep 22, 2017

View Bug Details in Bug Search Tool Login Required

Why Is Login Required?

Bug details contain sensitive information and therefore require a Cisco.com account to be viewed.

Bug Details Include

Full Description (including symptoms, conditions and workarounds)
Status
Severity
Known Fixed Releases
Related Community Discussions
Number of Related Support Cases

Bug information is viewable for customers and partners who have a service contract. Registered users can view up to 200 bugs per month without a service contract.

Learn More About Cisco Service Contracts

Preview Tool