August 14th, 2016 Riverbed Security Advisory for the SteelCentral NetShark feature in RiOS

Categories:

NetProfiler (Cascade Profiler), SteelHead CX (Appliance), NetShark (Cascade Shark Appliance), SteelFusion Edge, Security, SteelHead EX (Appliance), Packet Analyzer (Cascade Pilot)

Solution Number:

S28669

Last Modified:

2017-07-25

Issue

The SteelCentral NetShark feature in RiOS is using an outdated version of OpenSSL (0.9.8k) which includes several known security vulnerabilities. This advisory is only applicable to the SteelCentral Netshark feature in RiOS - this advisory is not applicable to the standalone SteelCentral NetShark product.

Please note: To receive real-time updates on this article, please click the Subscribe icon in the upper right corner of this article. Updates will be emailed to you as they are published. For additional information on how to subscribe, see S22384.

Solution

SteelHead | SteelCentral | SteelFusion | SteelConnect | Websites

SteelHead products

Product	Status	Deprecated Release
SteelHead CX (appliance, virtual, cloud)	7.0.0 through 9.2.0	9.1.4, and 9.2.1
SteelHead Interceptor	Not Impacted
SteelCentral Controller for SteelHead	Not Impacted
SteelCentral Controller for SteelHead Mobile	Not Impacted

Starting in RiOS 9.1.4, RiOS 9.2.1, and all products that use these versions of RiOS, e.g. SteelFusion Edge, NetShark functionality will no longer be visible as a configurable option. The functionality will continue to be available for configuration via hidden commands in the command line interface, and operate unaltered. While the functionality will continue to be available, customers are encouraged to disable it.

Workaround

Customers with NetShark enabled in RiOS, including the deprecated versions, should disable this feature.

Disable From Command Line Interface:

Execute the following commands.

enable
configure terminal
no cascade shark enable
username shark disabled

Disable From Web Interface:

Browse to Reports > Diagnostics > TCP Dumps
Uncheck “Enable SteelCentral™ NetShark”
Press Apply
Browse to Administration > Security > User Permissions
Expand user row “shark”
Uncheck “Enable Account”
Press Apply

Analyzing Traffic without Integrated SteelCentral NetShark:

SteelHead packet captures can be manually loaded into the SteelCentral Packet Analyzer for anlaysis without SteelCentral NetShark enabled.

Browse to Reports > Diagnostics > TCP Dumps
Create a new sysdump in "TCP Dumps Currently Running"
Once packet capture ends, or is manually terminated, expand the TCP Dump in "Stored TCP Dumps"
Click the "Download" Link
Download the packet capture into a computer that has SteelCentral Packet Analyzer installed
Start Packet Analyzer and click on "Add Trace File", selecting the downloaded packet capture

SteelCentral products

Product	Status	Deprecated Release
AirPcap driver	Not Impacted
AppCapacity	Not Impacted
AppInternals	Not Impacted
AppMapper	Not Impacted
AppResponse	Not Impacted
AppSQL	Not Impacted
Dashboards	Not Impacted
Flow Gateway	Not Impacted
Modeler	Not Impacted
NetAuditor	Not Impacted
NetCollector	Not Impacted
NetExpress	Not Impacted
NetPlanner	Not Impacted
NetProfiler	Not Impacted
NetSensor	Not Impacted
NetShark	Not Impacted
Packet Analyzer	Not Impacted
Portal	Not Impacted
Report Server	Not Impacted
Transaction Analyzer	Not Impacted
UCExpert	Not Impacted
WebAnalyzer	Not Impacted

SteelFusion products

Product	Status	Deprecated Release
SteelFusion Core (appliance, virtual)	Not Impacted
SteelFusion Edge	4.0.0 through 4.3.2	4.5.0
SteelHead EX	1.0.0 through 4.3.2	4.5.0

Refer to the SteelHead section for further details.

SteelConnect products

Product	Status	Deprecated In
SteelConnect Manager	Not Impacted
Gateway	Not Impacted
Access Point	Not Impacted
Switch	Not Impacted

Riverbed websites

Not Impacted

Related Bugs

Attachments

Related Files

NOTICE: Riverbed® product names have changed. Please refer to the Product List for a complete list of product names.

Can't find an answer? Create a case