APC AP9630 Vulnerabilities

oghernandez27 · ‎2023-05-26

hi there,

we have a NM Card 2 (AP9630) installed in an APC SMT2200RM2U.
during a vulnerability test, they found that the card with version AOS 5.1.6 has the following vulnerabilities: CVE-2011-3389, CVE-2017-6168, CVE-2017-17382, CVE-2017-17427, CVE-2017-17428, CVE-2017-12373, CVE-2017-13098, CVE-2017-1000385, CVE-2017-13099, CVE-2016-6883, CVE-2012-5081
I upgraded it to version AOS 7.1.2 but I haven't found a document and/or link to find out if this version help me in the remediation of these vulnerabilities.
I will appreciate any feedback. Thanks in advance

Shaun · ‎2023-05-26

Hi,

My primary recommendation would be to re-run the scan after upgrading to current firmware, so your to-do list reflects the current state.

That said, all the CVE marked 2017 are variations on a Bleichenbacher padding attack, aka "TLS ROBOT". To mitigate this, you can disable the affected algorithms at the CLI, with:

>cipher -rc4 disable
E002: Success

>cipher -rsake disable
E002: Success