Skip to main content
Start a Conversation

Unsolved

W

wheatley111

1 Message

1897

November 16th, 2018 09:00

R1-2401 Firmware security vulnerability

Can anyone confirm the backend version of SSH (libssh) that is utilized on the R1-2401 network switch contained on a Dell VRTX? I am being pinged on this issue: https://www.libssh.org/security/advisories/CVE-2018-10933.txt I have recently upgraded our R1-2401 to the latest firmware version, 2.0.0.74, which, interestingly states that between versions 2.0.0.71 and 2.0.0.74, that *an* SSL/SSH security vulnerability was patched. However... it looks like this vulnerability was after that date (the libssh patch). Is there any word on a further upgrade to the R1-2401 firmware that might address this security vulnerability? In the interim, is there an easy command I can issue to disable SSH connections to my R1-2401? And please let me know if there is a better spot to post this. Thank you!

DELL-Josh Cr

Moderator

 • 

8.7K Posts

November 16th, 2018 12:00

Hi,

To the best of my knowledge we use libssh2 and not libssh. We do not have any information on future updates of the switch. You can disable ssh with the command no ip ssh server. Page 226 https://downloads.dell.com/manuals/all-products/esuprt_ser_stor_net/esuprt_poweredge/poweredge-vrtx_reference%20guide4_en-us.pdf

View More

View All

No Events found!

Top