ProLiant Servers (ML,DL,SL)
cancel
Showing results for 
Search instead for 
Did you mean: 

Deprecated SSH Cryptographic Settings - Vulnerability Findings

 
Highlighted
New Member

Deprecated SSH Cryptographic Settings - Vulnerability Findings

Recently we did vulnerability scan and found Deprecated SSH Cryptographic Settings on ILO 4, ILO 5 & OA devices.

Threat - The SSH protocol (Secure Shell) is a method for secure remote login from one computer to another.
The target is using deprecated SSH cryptographic settings to communicate.

Impact - A man-in-the-middle attacker may be able to exploit this vulnerability to record the communication to decrypt the session key and even the messages.

I would like know the way out to fix this vulbernability finding.

2 REPLIES 2
Highlighted
HPE Pro

Re: Deprecated SSH Cryptographic Settings - Vulnerability Findings

Hi, 

Can you provide us the CVE number?

with CVE number we can advise you if the ILOs' and OAs' are affected with this or not.

Also, please provide the output of the scan report. 

I am a HPE Employee

Accept or Kudo

Highlighted
New Member

Re: Deprecated SSH Cryptographic Settings - Vulnerability Findings