Dropbear SSH Vulnerability

I have an xclaim AP-Xi-3-US00 that is running firmware version 2.2.0.0.43, which appears to be the latest version.

However, during our vulnerability scan, we discovered that this AP is running Dropbear SSH ver 2016.74 This SSH version is vulnerable to CVE-2017-9078 and the developer has released a fix in version 2017.75, but the latest version is 2018.76.

In conclusion, it's concerning that our firmware version appears to be up-to-date, but the SSH version is 2 revisions behind.

How can we address this?

Comments

  • apsecapsec Member Posts: 4

    Do support admins even look at these threads?? This is an urgent matter and Ruckus denied us support.

  • rameshcrameshc Member, Xpert, Moderator Posts: 162

    Hello @apsec,

    We will address this in next release.

    Thanks
    Ramesh

  • apsecapsec Member Posts: 4

    Thank you for your reply, Ramesh.

    We are also concerned because we do not know the SSH creds and it doesn't appear to be the default.
    I'm not showing any record that we ever logged into SSH and changed the creds. How can we ensure the creds are secure?

    Thanks again.

  • rameshcrameshc Member, Xpert, Moderator Posts: 162

    Hi @apsec,

    If the AP is managed by CloudManager SSH access is restricted.

    Thanks
    Ramesh

  • apsecapsec Member Posts: 4

    Thank you for your reply, @rameshc

    I understand. But how can we verify that these creds are secure? What does the password creation process look like? I understand it's likely unique for each AP, but can you tell me if it's 16 characters or 12 characters, special characters, upper/lower case, etc?

    We need to be confident that these creds are secure if we do not know them.

Sign In or Register to comment.