Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
ibmIBM0B22D2A3A2EF638C3D279EB10BC12C22B3F5FAAA3ACADB41F5D26EBC3451E7E1
HistoryJan 31, 2019 - 2:25 a.m.

Security Bulletin: Vulnerability in OpenSSH affects IBM Flex System FC5022 16Gb SAN Scalable Switch (CVE-2016-6210)

2019-01-3102:25:02
www.ibm.com
27

0.107 Low

EPSS

Percentile

95.1%

JSON

Summary

IBM Flex System FC5022 16Gb SAN Scalable Switch has addressed the following vulnerability in OpenSSH.

Vulnerability Details

Summary

IBM Flex System FC5022 16Gb SAN Scalable Switch has addressed the following vulnerability in OpenSSH.

Vulnerability Details:

CVEID: CVE-2016-6210

Description: OpenSSH could allow a remote attacker to obtain sensitive information, caused by the increased amount of time to calculate SHA256/SHA512 hash than BLOWFISH hash. An attacker could exploit this vulnerability using a covert timing channel to enumerate users on a system that runs SSHD.

CVSS Base Score: 4.3
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/115128&gt; for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N)

Affected Products and Versions

Product Affected Version
IBM Flex System FC5022 16Gb SAN Scalable Switch 8.0

Remediation/Fixes:

Firmware fix versions are available on Fix Central:
<http://www.ibm.com/support/fixcentral/&gt;.

Product Fix Version
IBM Flex System FC5022 16Gb SAN Scalable Switch
(brcd_fw_bcsw_8.1.0a_anyos_noarch) 8.1.0a

Workaround(s) & Mitigation(s):

None

References:

Related Information:
IBM Secure Engineering Web Portal
IBM Product Security Incident Response Blog
Lenovo Product Security Advisories

Acknowledgement

None

Change History
09 August 2017: Original Copy Published

  • The CVSS Environment Score is customer environment specific and will ultimately impact the Overall CVSS Score. Customers can evaluate the impact of this vulnerability in their environments by accessing the links in the Reference section of this Security Bulletin.

Disclaimer

According to the Forum of Incident Response and Security Teams (FIRST), the Common Vulnerability Scoring System (CVSS) is an “industry open standard designed to convey vulnerability severity and help to determine urgency and priority of response.” IBM PROVIDES THE CVSS SCORES “AS IS” WITHOUT WARRANTY OF ANY KIND, INCLUDING THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. CUSTOMERS ARE RESPONSIBLE FOR ASSESSING THE IMPACT OF ANY ACTUAL OR POTENTIAL SECURITY VULNERABILITY.

Related

f5 1
nvd 1
openvas 19
nessus 32
centos 2
ibm 21
packetstorm 2
veracode 1
osv 3
redhatcve 1
debiancve 1
cvelist 1
prion 1
fedora 1
cve 1
archlinux 1
debian 3
redhat 2
hackerone 1
zdt 2
exploitpack 2
paloalto 1
oraclelinux 3
ubuntucve 1
alpinelinux 1
exploitdb 2
cloudfoundry 1
freebsd 1
slackware 1
ubuntu 1
symantec 1
checkpoint_advisories 1
aix 1
altlinux 3
mageia 1
gentoo 1
amazon 1
rosalinux 1
ics 1
f5
f5
K14845276 : OpenSSH vulnerability CVE-2016-6210
2016-12-23 00:00:00
nvd
nvd
CVE-2016-6210
2017-02-13 17:59:00
openvas
openvas
Debian: Security Advisory (DLA-578-1)
2023-03-08 00:00:00
RedHat Update for openssh RHSA-2017:2563-01
2017-09-01 00:00:00
Debian: Security Advisory (DSA-3626-1)
2016-08-02 00:00:00
nessus
nessus
EulerOS 2.0 SP1 : openssh (EulerOS-SA-2017-1189)
2017-09-08 00:00:00
Debian DSA-3626-1 : openssh - security update
2016-07-25 00:00:00
Debian DLA-578-1 : openssh security update
2016-08-01 00:00:00
centos
centos
openssh, pam_ssh_agent_auth security update
2017-08-31 18:50:28
openssh, pam_ssh_agent_auth security update
2017-08-24 01:40:16
ibm
ibm
Security Bulletin: Vulnerability in OpenSSH affects IBM Flex System FC3171 8Gb SAN Switch and SAN Pass-thru firmware.
2019-01-31 02:25:02
Security Bulletin: Vulnerabilities in OpenSSH affect the IBM FlashSystem models 840 and 900
2023-02-18 01:45:50
Security Bulletin: Multiple vulnerabilities in OpenSSH affect IBM SAN Volume Controller, IBM Storwize, IBM Spectrum Virtualize and IBM FlashSystem products
2023-03-29 01:48:02
packetstorm
packetstorm
OpenSSHD 7.2p2 User Enumeration
2016-07-18 00:00:00
OpenSSHD 7.2p2 User Enumeration
2016-07-21 00:00:00
veracode
veracode
Information Disclosure
2019-01-15 09:20:13
osv
osv
openssh - security update
2016-07-30 00:00:00
CVE-2016-6210
2017-02-13 17:59:00
openssh - security update
2016-07-24 00:00:00
redhatcve
redhatcve
CVE-2016-6210
2016-07-18 09:18:22
debiancve
debiancve
CVE-2016-6210
2017-02-13 17:59:00
cvelist
cvelist
CVE-2016-6210
2017-02-13 00:00:00
prion
prion
Design/Logic Flaw
2017-02-13 17:59:00
fedora
fedora
[SECURITY] Fedora 24 Update: openssh-7.2p2-10.fc24
2016-07-20 17:50:40
cve
cve
CVE-2016-6210
2017-02-13 17:59:00
archlinux
archlinux
openssh: information leakage
2016-08-02 00:00:00
debian
debian
[SECURITY] [DLA 578-1] openssh security update
2016-07-30 21:40:46
[SECURITY] [DSA 3626-1] openssh security update
2016-07-24 09:19:18
[SECURITY] [DSA 3626-1] openssh security update
2016-07-24 09:19:18
redhat
redhat
(RHSA-2017:2563) Moderate: openssh security update
2017-08-31 13:09:34
(RHSA-2017:2029) Moderate: openssh security, bug fix, and enhancement update
2017-08-01 05:57:17
hackerone
hackerone
Nextcloud: Password authentication at newsletter.nextcloud.com discloses username list
2019-01-08 09:59:42
zdt
zdt
OpenSSHd 7.2p2 - Username Enumeration (2)
2016-07-20 00:00:00
OpenSSHd 7.2p2 - Username Enumeration (1)
2016-07-18 00:00:00
exploitpack
exploitpack
OpenSSHd 7.2p2 - Username Enumeration
2016-07-18 00:00:00
OpenSSH 7.2p2 - Username Enumeration
2016-07-20 00:00:00
paloalto
paloalto
OpenSSH Vulnerability
2016-11-17 17:02:00
oraclelinux
oraclelinux
openssh security update
2017-08-31 00:00:00
openssh security update
2023-08-11 00:00:00
openssh security, bug fix, and enhancement update
2017-08-07 00:00:00
ubuntucve
ubuntucve
CVE-2016-6210
2016-07-18 00:00:00
alpinelinux
alpinelinux
CVE-2016-6210
2017-02-13 17:59:00
exploitdb
exploitdb
OpenSSH 7.2p2 - Username Enumeration
2016-07-20 00:00:00
OpenSSHd 7.2p2 - Username Enumeration
2016-07-18 00:00:00
cloudfoundry
cloudfoundry
USN-3061-1 OpenSSH vulnerability | Cloud Foundry
2016-08-25 00:00:00
freebsd
freebsd
openssh -- sshd -- remote valid user discovery and PAM /bin/login attack
2016-08-01 00:00:00
slackware
slackware
[slackware-security] openssh
2016-08-06 21:10:35
ubuntu
ubuntu
OpenSSH vulnerabilities
2016-08-15 00:00:00
symantec
symantec
SA136 : OpenSSH Vulnerabilities
2016-12-13 08:00:00
checkpoint_advisories
checkpoint_advisories
Multiple SSH Initial Connection Requests (CVE-2003-0190; CVE-2006-5229; CVE-2016-6210)
2011-03-29 00:00:00
aix
aix
AIX OpenSSH Vulnerability
2016-09-08 14:36:37
altlinux
altlinux
Security fix for the ALT Linux 7 package openssh version 6.7p1-alt1.M70P.3
2016-10-20 00:00:00
Security fix for the ALT Linux 6 package openssh version 6.7p1-alt1.M60P.3
2016-10-20 00:00:00
Security fix for the ALT Linux 8 package openssh version 7.2p2-alt2
2016-10-21 00:00:00
mageia
mageia
Updated openssh packages fix security vulnerability
2016-08-31 18:32:33
gentoo
gentoo
OpenSSH: Multiple vulnerabilities
2016-12-07 00:00:00
amazon
amazon
Medium: openssh
2017-10-03 11:00:00
rosalinux
rosalinux
Advisory ROSA-SA-2021-1938
2021-07-02 17:38:20
ics
ics
Siemens SCALANCE X-200RNA Switch Devices
2022-12-19 12:00:00

0.107 Low

EPSS

Percentile

95.1%

JSON
Related for 0B22D2A3A2EF638C3D279EB10BC12C22B3F5FAAA3ACADB41F5D26EBC3451E7E1
f51nvd1openvas19nessus32centos2ibm21packetstorm2veracode1osv3redhatcve1debiancve1cvelist1prion1fedora1cve1archlinux1debian3redhat2hackerone1zdt2exploitpack2paloalto1oraclelinux3ubuntucve1alpinelinux1exploitdb2cloudfoundry1freebsd1slackware1ubuntu1symantec1checkpoint_advisories1aix1altlinux3mageia1gentoo1amazon1rosalinux1ics1