DSA-2024-233: Security Update for Dell Connectrix Cisco MDS 9000 Series Multiple Third-Party Component Vulnerabilities

Oversigt: Dell Connectrix Cisco MDS 9000 Series remediation is available for multiple security vulnerabilities that could be exploited by malicious users to compromise the affected system.

Berørte produkter og udbedring

Berørte produkter

Denne artikel gælder for Denne artikel gælder ikke for Denne artikel er ikke knyttet til et bestemt produkt. Det er ikke alle produktversioner, der er identificeret i denne artikel.

Udforsk andre ressourcer

Virkning

High

Oplysninger

Third-party Component	CVEs	More Information
Novel Terrapin (SSH Channel)	CVE-2023-48795	Cisco Bug ID for CVE-2023-48795
CLI	CVE-2024-20399	Cisco Security Advisory for CVE-2024-20399

Dell Technologies anbefaler, at alle kunder tager hensyn til både CVSS-basisresultatet og alle relevante tidsmæssige og miljømæssige resultater, som kan have betydning for den potentielle alvorsgrad, der er forbundet med en bestemt sikkerhedsrisiko.

Berørte produkter og udbedring

CVEs Addressed	Product	Software/Firmware	Affected Versions	Remediated Versions	Link
CVE-2023-48795	Connectrix MDS-9124v	NX-OS	Versions prior to 9.4(2a)	Version 9.4(2a) or later	Support for Connectrix MDS-9124V \| Drivers & Downloads
CVE-2023-48795	Connectrix MDS-9148v	NX-OS	Versions prior to 9.4(2a)	Version 9.4(2a) or later	Support for Connectrix MDS-9148V \| Drivers & Downloads
CVE-2023-48795	Connectrix MDS-9396v	NX-OS	Versions prior to 9.4(2a)	Version 9.4(2a) or later	Support for Connectrix MDS-9396V \| Drivers & Downloads
CVE-2023-48795	Connectrix MDS-9706-V2	NX-OS	Versions prior to 9.4(2a)	Version 9.4(2a) or later	Support for Connectrix MDS-9706-V2 \| Drivers & Downloads
CVE-2023-48795	Connectrix MDS-9710-V2	NX-OS	Versions prior to 9.4(2a)	Version 9.4(2a) or later	Support for Connectrix MDS-9710-V2 \| Drivers & Downloads
CVE-2023-48795	Connectrix MDS-9718-V3	NX-OS	Versions prior to 9.4(2a)	Version 9.4(2a) or later	Support for Connectrix MDS-9718-V3 \| Drivers & Downloads
CVE-2023-48795	Connectrix MDS-9132t	NX-OS	Versions prior to 9.4(2a)	Version 9.4(2a) or later	Support for Connectrix MDS-9132T \| Drivers & Downloads
CVE-2023-48795	Connectrix MDS-9148t	NX-OS	Versions prior to 9.4(2a)	Version 9.4(2a) or later	Support for Connectrix MDS-9148T \| Drivers & Downloads
CVE-2023-48795	Connectrix MDS-9396t	NX-OS	Versions prior to 9.4(2a)	Version 9.4(2a) or later	Support for Connectrix MDS-9396T \| Drivers & Downloads
CVE-2023-48795	Connectrix MDS-9220i	NX-OS	Versions prior to 9.4(2a)	Version 9.4(2a) or later	Support for Connectrix MDS-9220i \| Drivers & Downloads
CVE-2023-48795	Connectrix MDS-9148s	NX-OS	Versions prior to 9.4(2a)	Version 9.4(2a) or later	Support for Connectrix MDS-9148S \| Drivers & Downloads
CVE-2023-48795	Connectrix MDS-9250i	NX-OS	Versions prior to 9.4(2a)	Version 9.4(2a) or later	Support for Connectrix MDS-9250i \| Drivers & Downloads
CVE-2023-48795	Connectrix MDS-9396s	NX-OS	Versions prior to 9.4(2a)	Version 9.4(2a) or later	Support for Connectrix MDS-9396S \| Drivers & Downloads
CVE-2023-48795	Connectrix MDS-9706	NX-OS	Versions prior to 9.4(2a)	Version 9.4(2a) or later	Support for Connectrix MDS-9706 \| Drivers & Downloads
CVE-2023-48795	Connectrix MDS-9710	NX-OS	Versions prior to 9.4(2a)	Version 9.4(2a) or later	Support for Connectrix MDS-9710 \| Drivers & Downloads
CVE-2023-48795	Connectrix MDS-9718	NX-OS	Versions prior to 9.4(2a)	Version 9.4(2a) or later	Support for Connectrix MDS-9718 \| Drivers & Downloads
CVE-2024-20399	Connectrix MDS-9124v	NX-OS	Versions prior to 9.4(2a)	Version 9.4(2a) or later	Support for Connectrix MDS-9124V \| Drivers & Downloads
CVE-2024-20399	Connectrix MDS-9148v	NX-OS	Versions prior to 9.4(2a)	Version 9.4(2a) or later	Support for Connectrix MDS-9148V \| Drivers & Downloads
CVE-2024-20399	Connectrix MDS-9396v	NX-OS	Versions prior to 9.4(2a)	Version 9.4(2a) or later	Support for Connectrix MDS-9396V \| Drivers & Downloads
CVE-2024-20399	Connectrix MDS-9706-V2	NX-OS	Versions prior to 9.4(2a)	Version 9.4(2a) or later	Support for Connectrix MDS-9706-V2 \| Drivers & Downloads
CVE-2024-20399	Connectrix MDS-9710-V2	NX-OS	Versions prior to 9.4(2a)	Version 9.4(2a) or later	Support for Connectrix MDS-9710-V2 \| Drivers & Downloads
CVE-2024-20399	Connectrix MDS-9718-V3	NX-OS	Versions prior to 9.4(2a)	Version 9.4(2a) or later	Support for Connectrix MDS-9718-V3 \| Drivers & Downloads
CVE-2024-20399	Connectrix MDS-9132t	NX-OS	Versions prior to 9.4(2a)	Version 9.4(2a) or later	Support for Connectrix MDS-9132T \| Drivers & Downloads
CVE-2024-20399	Connectrix MDS-9148t	NX-OS	Versions prior to 9.4(2a)	Version 9.4(2a) or later	Support for Connectrix MDS-9148T \| Drivers & Downloads
CVE-2024-20399	Connectrix MDS-9396t	NX-OS	Versions prior to 9.4(2a)	Version 9.4(2a) or later	Support for Connectrix MDS-9396T \| Drivers & Downloads
CVE-2024-20399	Connectrix MDS-9220i	NX-OS	Versions prior to 9.4(2a)	Version 9.4(2a) or later	Support for Connectrix MDS-9220i \| Drivers & Downloads
CVE-2024-20399	Connectrix MDS-9148s	NX-OS	Versions prior to 9.4(2a)	Version 9.4(2a) or later	Support for Connectrix MDS-9148S \| Drivers & Downloads
CVE-2024-20399	Connectrix MDS-9250i	NX-OS	Versions prior to 9.4(2a)	Version 9.4(2a) or later	Support for Connectrix MDS-9250i \| Drivers & Downloads
CVE-2024-20399	Connectrix MDS-9396s	NX-OS	Versions prior to 9.4(2a)	Version 9.4(2a) or later	Support for Connectrix MDS-9396S \| Drivers & Downloads
CVE-2024-20399	Connectrix MDS-9706	NX-OS	Versions prior to 9.4(2a)	Version 9.4(2a) or later	Support for Connectrix MDS-9706 \| Drivers & Downloads
CVE-2024-20399	Connectrix MDS-9710	NX-OS	Versions prior to 9.4(2a)	Version 9.4(2a) or later	Support for Connectrix MDS-9710 \| Drivers & Downloads
CVE-2024-20399	Connectrix MDS-9718	NX-OS	Versions prior to 9.4(2a)	Version 9.4(2a) or later	Support for Connectrix MDS-9718 \| Drivers & Downloads

CVEs Addressed	Product	Software/Firmware	Affected Versions	Remediated Versions	Link
CVE-2023-48795	Connectrix MDS-9124v	NX-OS	Versions prior to 9.4(2a)	Version 9.4(2a) or later	Support for Connectrix MDS-9124V \| Drivers & Downloads
CVE-2023-48795	Connectrix MDS-9148v	NX-OS	Versions prior to 9.4(2a)	Version 9.4(2a) or later	Support for Connectrix MDS-9148V \| Drivers & Downloads
CVE-2023-48795	Connectrix MDS-9396v	NX-OS	Versions prior to 9.4(2a)	Version 9.4(2a) or later	Support for Connectrix MDS-9396V \| Drivers & Downloads
CVE-2023-48795	Connectrix MDS-9706-V2	NX-OS	Versions prior to 9.4(2a)	Version 9.4(2a) or later	Support for Connectrix MDS-9706-V2 \| Drivers & Downloads
CVE-2023-48795	Connectrix MDS-9710-V2	NX-OS	Versions prior to 9.4(2a)	Version 9.4(2a) or later	Support for Connectrix MDS-9710-V2 \| Drivers & Downloads
CVE-2023-48795	Connectrix MDS-9718-V3	NX-OS	Versions prior to 9.4(2a)	Version 9.4(2a) or later	Support for Connectrix MDS-9718-V3 \| Drivers & Downloads
CVE-2023-48795	Connectrix MDS-9132t	NX-OS	Versions prior to 9.4(2a)	Version 9.4(2a) or later	Support for Connectrix MDS-9132T \| Drivers & Downloads
CVE-2023-48795	Connectrix MDS-9148t	NX-OS	Versions prior to 9.4(2a)	Version 9.4(2a) or later	Support for Connectrix MDS-9148T \| Drivers & Downloads
CVE-2023-48795	Connectrix MDS-9396t	NX-OS	Versions prior to 9.4(2a)	Version 9.4(2a) or later	Support for Connectrix MDS-9396T \| Drivers & Downloads
CVE-2023-48795	Connectrix MDS-9220i	NX-OS	Versions prior to 9.4(2a)	Version 9.4(2a) or later	Support for Connectrix MDS-9220i \| Drivers & Downloads
CVE-2023-48795	Connectrix MDS-9148s	NX-OS	Versions prior to 9.4(2a)	Version 9.4(2a) or later	Support for Connectrix MDS-9148S \| Drivers & Downloads
CVE-2023-48795	Connectrix MDS-9250i	NX-OS	Versions prior to 9.4(2a)	Version 9.4(2a) or later	Support for Connectrix MDS-9250i \| Drivers & Downloads
CVE-2023-48795	Connectrix MDS-9396s	NX-OS	Versions prior to 9.4(2a)	Version 9.4(2a) or later	Support for Connectrix MDS-9396S \| Drivers & Downloads
CVE-2023-48795	Connectrix MDS-9706	NX-OS	Versions prior to 9.4(2a)	Version 9.4(2a) or later	Support for Connectrix MDS-9706 \| Drivers & Downloads
CVE-2023-48795	Connectrix MDS-9710	NX-OS	Versions prior to 9.4(2a)	Version 9.4(2a) or later	Support for Connectrix MDS-9710 \| Drivers & Downloads
CVE-2023-48795	Connectrix MDS-9718	NX-OS	Versions prior to 9.4(2a)	Version 9.4(2a) or later	Support for Connectrix MDS-9718 \| Drivers & Downloads
CVE-2024-20399	Connectrix MDS-9124v	NX-OS	Versions prior to 9.4(2a)	Version 9.4(2a) or later	Support for Connectrix MDS-9124V \| Drivers & Downloads
CVE-2024-20399	Connectrix MDS-9148v	NX-OS	Versions prior to 9.4(2a)	Version 9.4(2a) or later	Support for Connectrix MDS-9148V \| Drivers & Downloads
CVE-2024-20399	Connectrix MDS-9396v	NX-OS	Versions prior to 9.4(2a)	Version 9.4(2a) or later	Support for Connectrix MDS-9396V \| Drivers & Downloads
CVE-2024-20399	Connectrix MDS-9706-V2	NX-OS	Versions prior to 9.4(2a)	Version 9.4(2a) or later	Support for Connectrix MDS-9706-V2 \| Drivers & Downloads
CVE-2024-20399	Connectrix MDS-9710-V2	NX-OS	Versions prior to 9.4(2a)	Version 9.4(2a) or later	Support for Connectrix MDS-9710-V2 \| Drivers & Downloads
CVE-2024-20399	Connectrix MDS-9718-V3	NX-OS	Versions prior to 9.4(2a)	Version 9.4(2a) or later	Support for Connectrix MDS-9718-V3 \| Drivers & Downloads
CVE-2024-20399	Connectrix MDS-9132t	NX-OS	Versions prior to 9.4(2a)	Version 9.4(2a) or later	Support for Connectrix MDS-9132T \| Drivers & Downloads
CVE-2024-20399	Connectrix MDS-9148t	NX-OS	Versions prior to 9.4(2a)	Version 9.4(2a) or later	Support for Connectrix MDS-9148T \| Drivers & Downloads
CVE-2024-20399	Connectrix MDS-9396t	NX-OS	Versions prior to 9.4(2a)	Version 9.4(2a) or later	Support for Connectrix MDS-9396T \| Drivers & Downloads
CVE-2024-20399	Connectrix MDS-9220i	NX-OS	Versions prior to 9.4(2a)	Version 9.4(2a) or later	Support for Connectrix MDS-9220i \| Drivers & Downloads
CVE-2024-20399	Connectrix MDS-9148s	NX-OS	Versions prior to 9.4(2a)	Version 9.4(2a) or later	Support for Connectrix MDS-9148S \| Drivers & Downloads
CVE-2024-20399	Connectrix MDS-9250i	NX-OS	Versions prior to 9.4(2a)	Version 9.4(2a) or later	Support for Connectrix MDS-9250i \| Drivers & Downloads
CVE-2024-20399	Connectrix MDS-9396s	NX-OS	Versions prior to 9.4(2a)	Version 9.4(2a) or later	Support for Connectrix MDS-9396S \| Drivers & Downloads
CVE-2024-20399	Connectrix MDS-9706	NX-OS	Versions prior to 9.4(2a)	Version 9.4(2a) or later	Support for Connectrix MDS-9706 \| Drivers & Downloads
CVE-2024-20399	Connectrix MDS-9710	NX-OS	Versions prior to 9.4(2a)	Version 9.4(2a) or later	Support for Connectrix MDS-9710 \| Drivers & Downloads
CVE-2024-20399	Connectrix MDS-9718	NX-OS	Versions prior to 9.4(2a)	Version 9.4(2a) or later	Support for Connectrix MDS-9718 \| Drivers & Downloads

The Affected Products and Remediation table above may not be a comprehensive list of all affected supported versions and may be updated as more information becomes available.

Løsninger og afhjælpninger

CVE ID	Workaround and Mitigation
CVE-2023-48795	Security researchers at Ruhr University Bochum on 18 December 2023 disclosed a protocol level vulnerability which has been assigned a CVE ID of CVE-2023-48795 and was named 'Terrapin Attack'. The NX-OS MDS Software uses CiscoSSH which is derived from OpenSSH and could be vulnerable to CVE-2023-48795 but the Security Impact Rating (SIR) is Low because the security impact of this attack is limited as it only allows deletion of consecutive messages, and deleting most messages at this stage of the protocol prevents user authentication from proceeding. In addition: The attacker needs to be on a privileged position and be able to intercept and modify the SSH initial session setup packet exchange, and The SSH server must either (only one is enough) Offer the chacha20-poly1305@openssh.com as an encryption algorithm or Using an encryption algorithm in CBC mode and an -etm@openssh.com hashing algorithm (and the authors call this combination "vulnerable and MAYBE exploitable"). Conditions: The NX-OS MDS Software does not run AsyncSSH and are not vulnerable to either: CVE-2023-46445 (Rogue Extension Negotiation) and CVE-2023-46446 (Rogue Session Attack). Workaround: If the above conditions are true, disabling the vulnerable combinations would be an effective workaround.

CVE ID

Workaround and Mitigation

CVE-2023-48795

Security researchers at Ruhr University Bochum on 18 December 2023 disclosed a protocol level vulnerability which has been assigned a CVE ID of CVE-2023-48795 and was named 'Terrapin Attack'. The NX-OS MDS Software uses CiscoSSH which is derived from OpenSSH and could be vulnerable to CVE-2023-48795 but the Security Impact Rating (SIR) is Low because the security impact of this attack is limited as it only allows deletion of consecutive messages, and deleting most messages at this stage of the protocol prevents user authentication from proceeding. In addition:

The attacker needs to be on a privileged position and be able to intercept and modify the SSH initial session setup packet exchange, and
The SSH server must either (only one is enough)
- Offer the chacha20-poly1305@openssh.com as an encryption algorithm or
- Using an encryption algorithm in CBC mode *and* an -etm@openssh.com hashing algorithm (and the authors call this combination "vulnerable and MAYBE exploitable").
Conditions: The NX-OS MDS Software does not run AsyncSSH and are not vulnerable to either: CVE-2023-46445 (Rogue Extension Negotiation) and CVE-2023-46446 (Rogue Session Attack).

Workaround: If the above conditions are true, disabling the vulnerable combinations would be an effective workaround.

Revisionshistorik

Revision	Date	Description
1.0	2024-09-25	Initial Release
2.0	2025-02-17	Updated for enhanced format presentation with no changes to content

Relaterede oplysninger

Ansvarsfraskrivelse

Berørte produkter

Connectrix MDS-Series, Connectrix MDS-Series, Connectrix MDS-9124, Connectrix MDS-9124V, Connectrix MDS-9132T, Connectrix MDS-9148S, Connectrix MDS-9148T, Connectrix MDS-9148V, Connectrix MDS-9220i, Connectrix MDS-9250i, Connectrix MDS-9396T , Connectrix MDS-9396V, Connectrix MDS-9706, Connectrix MDS-9706-V2, Connectrix MDS-9710, Connectrix MDS-9710-V2, Connectrix MDS-9718, Connectrix MDS-9718-V3, Connectrix MDS-Series Hardware ...

Artikelnummer: 000228917

Artikeltype: Dell Security Advisory

Senest ændret: 18 feb. 2025

Kontrollér, om din enhed er dækket af supportservices.

DSA-2024-233: Security Update for Dell Connectrix Cisco MDS 9000 Series Multiple Third-Party Component Vulnerabilities

Oversigt: Dell Connectrix Cisco MDS 9000 Series remediation is available for multiple security vulnerabilities that could be exploited by malicious users to compromise the affected system.

Virkning

Oplysninger

Berørte produkter og udbedring

Løsninger og afhjælpninger

Revisionshistorik

Lignende oplysninger

Ansvarsfraskrivelse

Berørte produkter

Virkning

Oplysninger

Berørte produkter og udbedring

Løsninger og afhjælpninger

Revisionshistorik

Relaterede oplysninger

Ansvarsfraskrivelse

Berørte produkter

Artikelegenskaber

Find svar på dine spørgsmål fra andre Dell-brugere

Supportservices

Artikelegenskaber

Find svar på dine spørgsmål fra andre Dell-brugere

Supportservices

DSA-2024-233: Security Update for Dell Connectrix Cisco MDS 9000 Series Multiple Third-Party Component Vulnerabilities

Oversigt: Dell Connectrix Cisco MDS 9000 Series remediation is available for multiple security vulnerabilities that could be exploited by malicious users to compromise the affected system.

Detaljeret artikel

Virkning

Oplysninger

Berørte produkter og udbedring

Løsninger og afhjælpninger

Revisionshistorik

Relaterede oplysninger

Ansvarsfraskrivelse

Berørte produkter

Artikelegenskaber

Find svar på dine spørgsmål fra andre Dell-brugere

Supportservices

Artikelegenskaber

Find svar på dine spørgsmål fra andre Dell-brugere

Supportservices