ONTAP OS appears vulnerable to Open SSH CBC ( Cipher Block Chaining ) attack
Applies to
- ONTAP 9.x
- Data ONTAP 7-Mode 8.x
- ONTAP Select 9.x
Issue
- Versions of OpenSSH below 4.71 are vulnerable to an exploit allowing attackers to extract arbitrary plain text from cipher text.
- 14-32 bits of text are extractable although the odds of extracting a full 32 bits of data are extremely low.
- For related AIQUM error, see "SSH is using insecure ciphers" event is detected on Active IQ Unified Manager