This CVE-2023-48795 vulnerability exists in OpenSSH so NetScalers and ADM are vulnerable as well.
Because this attack requires man-in-the-middle access to the network carrying the SSH traffic, the impact is smaller in a secure environment where NetScaler and ADM management traffic is isolated to a private VLAN used only for management. But sometimes this traffic will traverse more public networks, so these remediations should be rolled out there.
Future firmware from CSG will address this, so upgrade to it ASAP.
For VPX/MPX, do the following from a shell prompt:
Take note of the echo "macs line. I have seen copy and paste move the macs to the end of the line when using PuTTY. Just adjust it before you commit the line.
cp /etc/sshd_config /nsconfig/sshd_config
chmod 777 /nsconfig/sshd_config
echo "ciphers aes128-ctr,aes192-ctr,aes256-ctr,aes128-cbc" >> /nsconfig/sshd_config
echo "macs umac-64@openssh.com,hmac-sha2-256,hmac-sha2-512" >> /nsconfig/sshd_config
chmod 777 /nsconfig/sshd_config
kill -HUP `cat /var/run/sshd.pid`
force HA sync -force -save YES
exit
reboot
For SDX and ADM do the following:
vi /mpsconfig/sshd_config
Then add the following lines:
Ciphers -chacha20-poly1305@openssh.com
MACs -*-etm@openssh.com
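To confirm the change took effect, here is an added example (not part of the original post and not Citrix code) that audits an sshd_config for the cipher and MACs removed above. sshd uses the first value it reads for a keyword, so a line appended with >> is ignored if the file already sets that keyword earlier. The function names and the sample file are constructed for illustration, and the script assumes the sshd defaults include chacha20-poly1305@openssh.com and the listed *-etm@openssh.com MACs.

```shell
#!/bin/sh
# Added example (not Citrix/NetScaler code): audit an sshd_config for the
# algorithms the remediation removes. Assumes sshd defaults include them.
CHACHA="chacha20-poly1305@openssh.com"
ETM_MACS="umac-64-etm@openssh.com umac-128-etm@openssh.com hmac-sha2-256-etm@openssh.com hmac-sha2-512-etm@openssh.com hmac-sha1-etm@openssh.com"

# Value of the FIRST uncommented occurrence of keyword $1 in file $2
# (sshd keeps the first value it reads; keywords are case-insensitive).
first_value() {
    awk -v k="$1" 'tolower($1) == k { print $2; exit }' "$2"
}

# Print which names in $2 are still offered under config value $1.
remaining() {
    value=$1; out=""; mode=list
    case "$value" in
        ""|+*|^*) printf '%s\n' "$2"; return 0 ;;  # defaults still in effect
        -*) mode=remove; value=${value#-} ;;       # "-list" removes from defaults
    esac
    set -f                                         # no filename globbing below
    for name in $2; do
        hit=no
        for pat in $(printf '%s' "$value" | tr ',' ' '); do
            case $name in $pat) hit=yes ;; esac
        done
        if [ "$mode" = list ] && [ "$hit" = yes ]; then out="$out $name"; fi
        if [ "$mode" = remove ] && [ "$hit" = no ]; then out="$out $name"; fi
    done
    set +f
    printf '%s\n' "${out# }"
}

# Print findings for config file $1; exit status 0 only when nothing remains.
audit() {
    bad_c=$(remaining "$(first_value ciphers "$1")" "$CHACHA")
    bad_m=$(remaining "$(first_value macs "$1")" "$ETM_MACS")
    [ -z "$bad_c" ] || echo "cipher still offered: $bad_c"
    [ -z "$bad_m" ] || echo "MACs still offered: $bad_m"
    [ -z "$bad_c$bad_m" ]
}

# Constructed sample: an earlier Ciphers line shadows the appended one.
demo=$(mktemp)
printf '%s\n' 'Ciphers chacha20-poly1305@openssh.com,aes256-ctr' \
    'ciphers aes128-ctr,aes192-ctr,aes256-ctr,aes128-cbc' \
    'macs umac-64@openssh.com,hmac-sha2-256,hmac-sha2-512' > "$demo"
audit "$demo" || echo "$demo: remediation not effective"
rm -f "$demo"
```

After editing, call audit with /nsconfig/sshd_config or /mpsconfig/sshd_config as its argument; sshd -T prints the effective configuration if you want to cross-check the result.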
Thanks Jeff. Super helpful.