Is ICX Product vulnerable to CVE-2018-10933 ?
Summary
ICX does not use libssh library. ICX is NOT vulnerable to CVE-2018-10933.Question
Is ICX Product vulnerable to CVE-2018-10933 ?Customer Environment
ICX products deployed in the networkRoot Cause
ICX does not use libssh library. ICX is NOT vulnerable to CVE-2018-10933. This issue can only be affect applications that use libssh to implement an SSH server; SSH client functionality is not affected. References to external advisories: https://nvd.nist.gov/vuln/detail/CVE-2018-10933 https://access.redhat.com/security/cve/cve-2018-10933 https://usn.ubuntu.com/3795-1/ According to above references, vulnerability CVE-2018-10933 was found in libssh's server-side, which could resulting in unauthorized access. This issue can only be affect applications that use libssh to implement an SSH server; SSH client functionality is not affected. This issue does not affect libssh2 or openssh.Troubleshooting Steps
ICX does not use libssh library. ICX is NOT vulnerable to CVE-2018-10933.Workaround
ICX does not use libssh library. ICX is NOT vulnerable to CVE-2018-10933.Resolution
As per Security team, ICX products are not Vulnerable to CVE-2018-10933 for all versions of code released up to 10/30/2018.ICX does not use libssh library.
See Ruckus Security Bulletin here: https://support.ruckuswireless.com/security_bulletins/290
Article Number:
000008536
Updated:
November 21, 2018 02:22 PM (over 5 years ago)
Tags:
Security, Ruckus ICX Switches
Votes:
0
This article is:
helpful
not helpful