August 14th, 2016 Riverbed Security Advisory for the SteelCentral NetShark feature in RiOS

Categories: SteelCentral NetProfiler (Cascade Profiler), SteelHead CX (Appliance), SteelCentral NetShark (Cascade Shark Appliance), SteelFusion Edge, Security, SteelHead EX (Appliance), SteelCentral Packet Analyzer (Cascade Pilot)
Solution Number: S28669

Issue

The SteelCentral NetShark feature in RiOS is using an outdated version of OpenSSL (0.9.8k) which includes several known security vulnerabilities.  This advisory is only applicable to the SteelCentral Netshark feature in RiOS - this advisory is not applicable to the standalone SteelCentral NetShark product.

 

Please note: To receive real-time updates on this article, please click the Subscribe icon in the upper right corner of this article. Updates will be emailed to you as they are published. For additional information on how to subscribe, see S22384.

Solution

 

SteelHead | SteelCentral | SteelFusion | SteelConnect | Websites


SteelHead products 

Product Status Deprecated Release
SteelHead CX (appliance, virtual, cloud) 7.0.0 through 9.2.0 9.1.4, and 9.2.1
SteelHead Interceptor Not Impacted  
SteelCentral Controller for SteelHead Not Impacted  
SteelCentral Controller for SteelHead Mobile Not Impacted  

Starting in RiOS 9.1.4, RiOS 9.2.1, and all products that use these versions of RiOS, e.g. SteelFusion Edge, NetShark functionality will no longer be visible as a configurable option.  The functionality will continue to be available for configuration via hidden commands in the command line interface, and operate unaltered.  While the functionality will continue to be available, customers are encouraged to disable it.
 

Workaround

Customers with NetShark enabled in RiOS, including the deprecated versions, should disable this feature.

Disable From Command Line Interface:

Execute the following commands.

  1. enable
  2. configure terminal
  3. no cascade shark enable
  4. username shark disabled 

 Disable From Web Interface: 

  1. Browse to Reports > Diagnostics > TCP Dumps
  2. Uncheck “Enable SteelCentral™ NetShark”
  3. Press Apply
  4. Browse to Administration > Security > User Permissions
  5. Expand user row “shark”
  6. Uncheck “Enable Account”
  7. Press Apply 

Analyzing Traffic without Integrated SteelCentral NetShark:

SteelHead packet captures can be manually loaded into the SteelCentral Packet Analyzer for anlaysis without SteelCentral NetShark enabled.

  1. Browse to Reports > Diagnostics > TCP Dumps
  2. Create a new sysdump in "TCP Dumps Currently Running"
  3. Once packet capture ends, or is manually terminated, expand the TCP Dump in "Stored TCP Dumps"
  4. Click the "Download" Link
  5. Download the packet capture into a computer that has SteelCentral Packet Analyzer installed
  6. Start Packet Analyzer and click on "Add Trace File", selecting the downloaded packet capture

 

Back to top


SteelCentral products

Product Status Deprecated Release
AirPcap driver Not Impacted  
AppCapacity Not Impacted  
AppInternals Not Impacted  
AppMapper Not Impacted  
AppResponse Not Impacted  
AppSQL Not Impacted  
Dashboards Not Impacted  
Flow Gateway Not Impacted  
Modeler Not Impacted  
NetAuditor Not Impacted  
NetCollector Not Impacted  
NetExpress Not Impacted  
NetPlanner Not Impacted  
NetProfiler Not Impacted  
NetSensor Not Impacted  
NetShark Not Impacted  
Packet Analyzer Not Impacted  
Portal Not Impacted  
Report Server Not Impacted  
Transaction Analyzer Not Impacted  
UCExpert Not Impacted  
WebAnalyzer Not Impacted  

 

Back to top


SteelFusion products

Product Status Deprecated Release
SteelFusion Core (appliance, virtual) Not Impacted  
SteelFusion Edge 4.0.0 through 4.3.2 4.5.0
SteelHead EX  1.0.0 through 4.3.2 4.5.0

Refer to the SteelHead section for further details.

 

Back to top


SteelConnect products

Product Status Deprecated In
SteelConnect Manager Not Impacted  
Gateway Not Impacted  
Access Point Not Impacted  
Switch Not Impacted  

 

Back to top


Riverbed websites

  • Not Impacted

Back to top

 

NOTICE: Riverbed® product names have changed. Please refer to the Product List for a complete list of product names.
Last Modified: 2017-07-25
Can't find an answer? Create a case