CVE-2017-5243
Get alerts for future matching vulnerabilitiesLog in to subscribe
I. Basic Information for CVE-2017-5243
Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗ Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Description
The default SSH configuration in Rapid7 Nexpose hardware appliances shipped before June 2017 does not specify desired algorithms for key exchange and other important functions. As a result, it falls back to allowing ALL algorithms supported by the relevant version of OpenSSH and makes the installations vulnerable to a range of MITM, downgrade, and decryption attacks.
Source: NVD (National Vulnerability Database)
CVSS Information
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Type
使用已被攻破或存在风险的密码学算法
Source: NVD (National Vulnerability Database)
Vulnerability Title
Rapid7 Nexpose 安全漏洞
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
Rapid7 Nexpose是美国Rapid7公司的一套能够综合利用不同的扫描结果深度探测网络的漏洞管理软件。该软件可主动扫描配置环境的错误、漏洞、恶意软件并提供指导降低风险。 Rapid7 Nexpose 6.4.40及之前的版本中存在安全漏洞,该漏洞源于默认的SSH配置。攻击者可利用该漏洞实施中间人攻击、降级攻击和解密攻击。
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)
Affected Products
| Vendor | Product | Affected Versions | CPE | Subscribe |
|---|---|---|---|---|
| Rapid7 | Nexpose hardware appliance | All Nexpose hardware appliances shipped before June 2017. | - |
II. Public POCs for CVE-2017-5243
| # | POC Description | Source Link | Shenlong Link |
|---|
AI-Generated POCPremium
No public POC found.
Login to generate AI POCIII. Intelligence Information for CVE-2017-5243
请登录查看更多情报信息。
IV. Related Vulnerabilities
Same vendor: Rapid7
- CVE-2026-6863
HTTP Filestore Endpoints Misapply Permissions Across Organiz - CVE-2026-6948
Unbounded Memory Allocation in VQLResponse Result-Set Writer - CVE-2026-6482
Local Privilege Escalation via OpenSSL configuration file in - CVE-2026-6290
Velociraptor Query() Plugin Misapplies Permissions To Orgs - CVE-2026-4482
Insight Agent Private Key Information Disclosure via Inherit
Same weakness: CWE-327
- CVE-2026-6411
MAXHUB Pivot Client Application Use of a Broken or Risky Cry - CVE-2026-44405
Paramiko 加密问题漏洞 - CVE-2026-32959
Silex SD-330AC和Silex AMC Manager 安全漏洞 - CVE-2026-5588
PKIX draft CompositeVerifier accepts empty signature sequenc - CVE-2025-14813
GOSTCTR implementation unable to process more than 255 block
V. Comments for CVE-2017-5243
No comments yet