Is ICX Product vulnerable to CVE-2018-10933 ?

Summary

ICX does not use libssh library.  ICX is NOT vulnerable to CVE-2018-10933.

Question

Is ICX Product vulnerable to CVE-2018-10933 ?

Customer Environment

ICX products deployed in the network

Root Cause

ICX does not use libssh library.  ICX is NOT vulnerable to CVE-2018-10933. This issue can only be affect applications that use libssh to implement an SSH server; SSH client functionality is not affected. References to external advisories: https://nvd.nist.gov/vuln/detail/CVE-2018-10933 https://access.redhat.com/security/cve/cve-2018-10933 https://usn.ubuntu.com/3795-1/ According to above references, vulnerability CVE-2018-10933 was found in libssh's server-side, which could resulting in unauthorized access. This issue can only be affect applications that use libssh to implement an SSH server; SSH client functionality is not affected. This issue does not affect libssh2 or openssh.

Troubleshooting Steps

ICX does not use libssh library.  ICX is NOT vulnerable to CVE-2018-10933.
 

Workaround

ICX does not use libssh library.  ICX is NOT vulnerable to CVE-2018-10933.

Resolution

As per Security team, ICX products are not Vulnerable to CVE-2018-10933 for all versions of code released up to 10/30/2018.
ICX does not use libssh library.

See Ruckus Security Bulletin here:  https://support.ruckuswireless.com/security_bulletins/290

Article Number:
000008536

Updated:
November 21, 2018 02:22 PM (almost 6 years ago)

Tags:
Security, Ruckus ICX Switches

Votes:
0

This article is:
helpful
not helpful

Working...Please wait

This is here to prevent you from accidentally submitting twice.

The page will automatically refresh.

Alert!!

Close