Check: NET1647

Network - Firewall: NET1647 (in versions v8 r25 through v8 r21)

Title
The network device must not allow SSH Version 1 to be used for administrative access. (Cat II impact)
Discussion
SSH Version 1 is a protocol that has never been defined in a standard. Since SSH-1 has inherent design flaws which make it vulnerable to attacks, e.g., man-in-the-middle attacks, it is now generally considered obsolete and should be avoided by explicitly disabling fallback to SSH-1.
Check Content
Review the configuration and verify SSH Version 1 is not being used for administrative access. If the device is using an SSHv1 session, this is a finding.
Fix Text
Configure the network device to use SSH version 2.
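
One way to support the check above from the network side, as an added example that is not part of the STIG text: classify the identification string a device sends on its SSH port (RFC 4253 section 4.2). The function names and sample banners are constructed for illustration, and treating an advertised `1.99` (SSH-2 with SSH-1 compatibility, RFC 4253 section 5.1) as a finding is an assumption based on the Discussion's call to disable fallback.

```python
import re

# RFC 4253 section 4.2: SSH-protoversion-softwareversion[ SP comments] CR LF
_IDENT = re.compile(r"^SSH-(\d+\.\d+)-(\S+)(?: (.*))?$")


def parse_ident(raw: bytes):
    """Return (protoversion, softwareversion) from the bytes a server sends on connect.

    A server may send other text lines before its identification string,
    so every line that does not start with "SSH-" is skipped.
    """
    for line in raw.decode("ascii", errors="replace").splitlines():
        match = _IDENT.match(line)
        if match:
            return match.group(1), match.group(2)
    return None


def assess(raw: bytes) -> str:
    """Map a captured identification string to a result for NET1647 (hypothetical helper)."""
    ident = parse_ident(raw)
    if ident is None:
        return "unknown"          # no SSH identification string seen
    proto, _software = ident
    if proto == "2.0":
        return "not_a_finding"    # server speaks SSH-2 only
    if proto == "1.99":
        return "finding"          # SSH-2 server that still accepts SSH-1 clients
    if proto.startswith("1."):
        return "finding"          # SSH-1 only server
    return "unknown"


# Constructed sample banners (not captured from any real device).
SAMPLES = {
    "v2_only": b"SSH-2.0-ExampleSSHD_1.0\r\n",
    "fallback": b"SSH-1.99-ExampleSSHD_1.0\r\n",
    "v1_only": b"SSH-1.5-ExampleSSHD_1.0\n",
    "pre_banner": b"Authorized use only\r\nSSH-2.0-ExampleSSHD_1.0 mgmt\r\n",
    "not_ssh": b"220 service ready\r\n",
}

if __name__ == "__main__":
    for name, banner in SAMPLES.items():
        print(f"{name:12s} {assess(banner)}")
```

The banner shows what the device offers, so it complements rather than replaces the configuration review: a result of `not_a_finding` here still needs the configuration confirmed.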
Additional Identifiers
Rule ID:
Vulnerability ID: V-14717
Group Title:
        
CCIs

CCIs tied to check.

| Number | Definition |
|---|---|
| No CCIs are assigned to this check | |
        
Controls

Controls tied to check. These are derived from the CCIs shown above.

| Number | Title |
|---|---|
| No controls are assigned to this check | |