Hi Jorge,
Depending on your flash system firmware level 8.5 or 8.6, you have different SSL and SSH level to setup on FS9100, you can use lsecurity command to check your current SSH/SSl security level.
With fw 8.6 , you can setup SSL level 7 and SSH level 4 as highest.
here is reference link https://www.ibm.com/docs/en/flashsystem-9x00/8.6.x?topic=r-security-levels-supported-security-ciphers
CBC cipher are supported in SSL 1/2/3 and SSH1, if you change your security level on FS9100, you will remediate the vulnerability.
Hope it helps.
George Qiao
------------------------------
Zhili Qiao
------------------------------
Original Message:
Sent: Tue March 26, 2024 01:20 AM
From: Jorge Lee
Subject: Flash system 9100: SSH server is configured to support Cipher Block Chaining (CBC) encryption Port: TCP/22
Hello,
It is possible to remediate the following vulnerability in FlashSystem 9100:
SSH server is configured to support Cipher Block Chaining (CBC) encryption Port: TCP/22 Risk: 5 MEDIUM
Let me know,
------------------------------
Regards,
Jorge L
------------------------------