Regarding vulnerability CVE-2008-5161 (SSH Server CBC Mode Ciphers Enabled), we need to follow the below article to mitigate this vulnerability.

Addressing False Positives from CBC and MAC Vulnerability Scans of NetScaler SSHD (citrix.com)

However, we are unable to perform the steps mentioned in the article on the SDXs because we cannot see the nsconfig directory on the SDXs. 

As a workaround, XenServer Access will need to be disabled in SVM GUI:

--- SVM GUI/ Configuration/ System/ Network Configuration/ 

--- Uncheck the "Configure Appliance supportability" check box: