Lucene search

K
ibmIBM814F9A9481D7C2B9755A9BFCC3FA81A13B5C6E2A2F79B3EEDD946085F9C1A690
HistorySep 23, 2021 - 1:31 a.m.

Security Bulletin: Vulnerabilities in libssh2 affect Power Hardware Management Console (CVE-2016-0787)

2021-09-2301:31:39
www.ibm.com
19
power hardware management console
libssh2
vulnerability
cve-2016-0787
diffie-hellman
ibm fix central

EPSS

0.005

Percentile

77.6%

Summary

libssh2 is used by Power Hardware Management Console (HMC). HMC has addressed the applicable CVEs

Vulnerability Details

CVEID: CVE-2016-0787**
DESCRIPTION:** libssh2 could provide weaker than expected security, caused by a type confusion error during the SSHv2 handshake resulting in the generation of a reduced amount of random bits for Diffie-Hellman. An attacker could exploit this vulnerability using the truncated Diffie-Hellman secret to launch further attacks on the system.
CVSS Base Score: 6.5
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/111562 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N)

Affected Products and Versions

Power HMC V8.1.0.0
Power HMC V8.2.0.0
Power HMC V8.3.0.0
Power HMC V8.4.0.0

Remediation/Fixes

The following fixes are available on IBM Fix Central

Product

|

VRMF

|

APAR

|

Remediation/Fix

—|—|—|—

Power HMC

|

V8.8.1.0 SP3

|

MB04008

|

Apply eFix MH01623

Power HMC

|

V8.8.2.0 SP2

|

MB04009

|

Apply eFix MH01624

Power HMC

|

V8.8.3.0 SP2

|

MB04011

|

Apply eFix MH01625

Power HMC

|

V8.8.4.0 SP1

|

MB04012

|

Apply eFix MH01626

Workarounds and Mitigations

None