DSA-2024-233: Security Update for Dell Connectrix Cisco MDS 9000 Series Multiple Third-Party Component Vulnerabilities

Summary: Dell Connectrix Cisco MDS 9000 Series remediation is available for multiple security vulnerabilities that could be exploited by malicious users to compromise the affected system.

Impact

High

Details

| Third-party Component | CVEs | More Information |
| --- | --- | --- |
| Novel Terrapin (SSH Channel) | CVE-2023-48795 | Cisco Bug ID for CVE-2023-48795 |
| CLI | CVE-2024-20399 | Cisco Security Advisory for CVE-2024-20399 |

Dell Technologies recommends that all customers consider both the overall CVSS score and any relevant temporal and environmental scores that may affect the potential severity of a particular security vulnerability.

Affected Products and Remediation

| CVEs Addressed | Product | Software/Firmware | Affected Versions | Remediated Versions | Link |
| --- | --- | --- | --- | --- | --- |
| CVE-2023-48795 | Connectrix MDS-9124v | NX-OS | Versions prior to 9.4(2a) | Version 9.4(2a) or later | Support for Connectrix MDS-9124V \| Drivers & Downloads |
| CVE-2023-48795 | Connectrix MDS-9148v | NX-OS | Versions prior to 9.4(2a) | Version 9.4(2a) or later | Support for Connectrix MDS-9148V \| Drivers & Downloads |
| CVE-2023-48795 | Connectrix MDS-9396v | NX-OS | Versions prior to 9.4(2a) | Version 9.4(2a) or later | Support for Connectrix MDS-9396V \| Drivers & Downloads |
| CVE-2023-48795 | Connectrix MDS-9706-V2 | NX-OS | Versions prior to 9.4(2a) | Version 9.4(2a) or later | Support for Connectrix MDS-9706-V2 \| Drivers & Downloads |
| CVE-2023-48795 | Connectrix MDS-9710-V2 | NX-OS | Versions prior to 9.4(2a) | Version 9.4(2a) or later | Support for Connectrix MDS-9710-V2 \| Drivers & Downloads |
| CVE-2023-48795 | Connectrix MDS-9718-V3 | NX-OS | Versions prior to 9.4(2a) | Version 9.4(2a) or later | Support for Connectrix MDS-9718-V3 \| Drivers & Downloads |
| CVE-2023-48795 | Connectrix MDS-9132t | NX-OS | Versions prior to 9.4(2a) | Version 9.4(2a) or later | Support for Connectrix MDS-9132T \| Drivers & Downloads |
| CVE-2023-48795 | Connectrix MDS-9148t | NX-OS | Versions prior to 9.4(2a) | Version 9.4(2a) or later | Support for Connectrix MDS-9148T \| Drivers & Downloads |
| CVE-2023-48795 | Connectrix MDS-9396t | NX-OS | Versions prior to 9.4(2a) | Version 9.4(2a) or later | Support for Connectrix MDS-9396T \| Drivers & Downloads |
| CVE-2023-48795 | Connectrix MDS-9220i | NX-OS | Versions prior to 9.4(2a) | Version 9.4(2a) or later | Support for Connectrix MDS-9220i \| Drivers & Downloads |
| CVE-2023-48795 | Connectrix MDS-9148s | NX-OS | Versions prior to 9.4(2a) | Version 9.4(2a) or later | Support for Connectrix MDS-9148S \| Drivers & Downloads |
| CVE-2023-48795 | Connectrix MDS-9250i | NX-OS | Versions prior to 9.4(2a) | Version 9.4(2a) or later | Support for Connectrix MDS-9250i \| Drivers & Downloads |
| CVE-2023-48795 | Connectrix MDS-9396s | NX-OS | Versions prior to 9.4(2a) | Version 9.4(2a) or later | Support for Connectrix MDS-9396S \| Drivers & Downloads |
| CVE-2023-48795 | Connectrix MDS-9706 | NX-OS | Versions prior to 9.4(2a) | Version 9.4(2a) or later | Support for Connectrix MDS-9706 \| Drivers & Downloads |
| CVE-2023-48795 | Connectrix MDS-9710 | NX-OS | Versions prior to 9.4(2a) | Version 9.4(2a) or later | Support for Connectrix MDS-9710 \| Drivers & Downloads |
| CVE-2023-48795 | Connectrix MDS-9718 | NX-OS | Versions prior to 9.4(2a) | Version 9.4(2a) or later | Support for Connectrix MDS-9718 \| Drivers & Downloads |
| CVE-2024-20399 | Connectrix MDS-9124v | NX-OS | Versions prior to 9.4(2a) | Version 9.4(2a) or later | Support for Connectrix MDS-9124V \| Drivers & Downloads |
| CVE-2024-20399 | Connectrix MDS-9148v | NX-OS | Versions prior to 9.4(2a) | Version 9.4(2a) or later | Support for Connectrix MDS-9148V \| Drivers & Downloads |
| CVE-2024-20399 | Connectrix MDS-9396v | NX-OS | Versions prior to 9.4(2a) | Version 9.4(2a) or later | Support for Connectrix MDS-9396V \| Drivers & Downloads |
| CVE-2024-20399 | Connectrix MDS-9706-V2 | NX-OS | Versions prior to 9.4(2a) | Version 9.4(2a) or later | Support for Connectrix MDS-9706-V2 \| Drivers & Downloads |
| CVE-2024-20399 | Connectrix MDS-9710-V2 | NX-OS | Versions prior to 9.4(2a) | Version 9.4(2a) or later | Support for Connectrix MDS-9710-V2 \| Drivers & Downloads |
| CVE-2024-20399 | Connectrix MDS-9718-V3 | NX-OS | Versions prior to 9.4(2a) | Version 9.4(2a) or later | Support for Connectrix MDS-9718-V3 \| Drivers & Downloads |
| CVE-2024-20399 | Connectrix MDS-9132t | NX-OS | Versions prior to 9.4(2a) | Version 9.4(2a) or later | Support for Connectrix MDS-9132T \| Drivers & Downloads |
| CVE-2024-20399 | Connectrix MDS-9148t | NX-OS | Versions prior to 9.4(2a) | Version 9.4(2a) or later | Support for Connectrix MDS-9148T \| Drivers & Downloads |
| CVE-2024-20399 | Connectrix MDS-9396t | NX-OS | Versions prior to 9.4(2a) | Version 9.4(2a) or later | Support for Connectrix MDS-9396T \| Drivers & Downloads |
| CVE-2024-20399 | Connectrix MDS-9220i | NX-OS | Versions prior to 9.4(2a) | Version 9.4(2a) or later | Support for Connectrix MDS-9220i \| Drivers & Downloads |
| CVE-2024-20399 | Connectrix MDS-9148s | NX-OS | Versions prior to 9.4(2a) | Version 9.4(2a) or later | Support for Connectrix MDS-9148S \| Drivers & Downloads |
| CVE-2024-20399 | Connectrix MDS-9250i | NX-OS | Versions prior to 9.4(2a) | Version 9.4(2a) or later | Support for Connectrix MDS-9250i \| Drivers & Downloads |
| CVE-2024-20399 | Connectrix MDS-9396s | NX-OS | Versions prior to 9.4(2a) | Version 9.4(2a) or later | Support for Connectrix MDS-9396S \| Drivers & Downloads |
| CVE-2024-20399 | Connectrix MDS-9706 | NX-OS | Versions prior to 9.4(2a) | Version 9.4(2a) or later | Support for Connectrix MDS-9706 \| Drivers & Downloads |
| CVE-2024-20399 | Connectrix MDS-9710 | NX-OS | Versions prior to 9.4(2a) | Version 9.4(2a) or later | Support for Connectrix MDS-9710 \| Drivers & Downloads |
| CVE-2024-20399 | Connectrix MDS-9718 | NX-OS | Versions prior to 9.4(2a) | Version 9.4(2a) or later | Support for Connectrix MDS-9718 \| Drivers & Downloads |

The Affected Products and Remediation table above may not be a comprehensive list of all affected supported versions and may be updated as more information becomes available.

Workarounds and Mitigations

CVE ID: CVE-2023-48795

Workaround and Mitigation:

On 18 December 2023, security researchers at Ruhr University Bochum disclosed a protocol-level vulnerability, named the 'Terrapin Attack', which has been assigned CVE-2023-48795. The NX-OS MDS Software uses CiscoSSH, which is derived from OpenSSH, and could be vulnerable to CVE-2023-48795. The Security Impact Rating (SIR) is Low because the security impact of this attack is limited: it only allows deletion of consecutive messages, and deleting most messages at this stage of the protocol prevents user authentication from proceeding. In addition:

  • The attacker needs to be in a privileged position and be able to intercept and modify the SSH initial session setup packet exchange, and
  • The SSH server must either (only one is enough)
    • Offer chacha20-poly1305@openssh.com as an encryption algorithm, or
    • Use an encryption algorithm in CBC mode *and* an -etm@openssh.com hashing algorithm (the authors call this combination "vulnerable and MAYBE exploitable").
  • Conditions: The NX-OS MDS Software does not run AsyncSSH and is not vulnerable to either CVE-2023-46445 (Rogue Extension Negotiation) or CVE-2023-46446 (Rogue Session Attack).

Workaround: If the above conditions are true, disabling the vulnerable combinations would be an effective workaround.
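
Added example (not from Dell or Cisco): one way to test the two algorithm conditions above against the cleartext SSH_MSG_KEXINIT that a server sends during session setup, parsed per RFC 4253. The function names and the sample payloads are constructed for illustration; a real payload would come from a capture of your own switch's SSH handshake.

```python
import struct

SSH_MSG_KEXINIT = 20
CHACHA = "chacha20-poly1305@openssh.com"
# Order of the ten name-lists in SSH_MSG_KEXINIT (RFC 4253, section 7.1)
FIELDS = ("kex", "host_key", "enc_c2s", "enc_s2c", "mac_c2s", "mac_s2c",
          "comp_c2s", "comp_s2c", "lang_c2s", "lang_s2c")

def parse_kexinit(payload: bytes) -> dict:
    """Split a server's cleartext KEXINIT payload into its algorithm name-lists."""
    if len(payload) < 17 or payload[0] != SSH_MSG_KEXINIT:
        raise ValueError("not an SSH_MSG_KEXINIT payload")
    pos, lists = 17, {}  # skip the 1-byte message type and the 16-byte cookie
    for field in FIELDS:
        if pos + 4 > len(payload):
            raise ValueError("truncated name-list length")
        (n,) = struct.unpack_from(">I", payload, pos)
        raw = payload[pos + 4:pos + 4 + n]
        if len(raw) != n:
            raise ValueError("truncated name-list")
        lists[field] = raw.decode("ascii").split(",") if raw else []
        pos += 4 + n
    return lists

def terrapin_conditions(lists: dict) -> list:
    """Conditions from the advisory met by the offer (any offered pair counts)."""
    hits = []
    for direction in ("c2s", "s2c"):
        enc, mac = lists["enc_" + direction], lists["mac_" + direction]
        if CHACHA in enc:
            hits.append(f"{direction}: offers {CHACHA}")
        cbc = [e for e in enc if e.endswith("-cbc")]
        etm = [m for m in mac if m.endswith("-etm@openssh.com")]
        if cbc and etm:  # CBC alone or EtM alone does not meet the condition
            hits.append(f"{direction}: CBC {cbc} offered together with EtM {etm}")
    return hits

def build_kexinit(enc: list, mac: list) -> bytes:
    """Constructed sample payload (not a capture); same lists in both directions."""
    names = [["curve25519-sha256"], ["rsa-sha2-512"], enc, enc, mac, mac,
             ["none"], ["none"], [], []]
    body = b"".join(struct.pack(">I", len(s)) + s
                    for s in (",".join(n).encode() for n in names))
    return bytes([SSH_MSG_KEXINIT]) + bytes(16) + body + b"\x00" + bytes(4)

if __name__ == "__main__":
    weak = build_kexinit(["aes256-ctr", "aes128-cbc"], ["hmac-sha2-256-etm@openssh.com"])
    hardened = build_kexinit(["aes256-gcm@openssh.com", "aes256-ctr"], ["hmac-sha2-256"])
    for label, payload in (("weak", weak), ("hardened", hardened)):
        print(label, terrapin_conditions(parse_kexinit(payload)) or "no condition met")
```

An empty result means neither algorithm condition is offered, which is the state the workaround aims for.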

Revision History

| Revision | Date | Description |
| --- | --- | --- |
| 1.0 | 2024-09-25 | Initial Release |
| 2.0 | 2025-02-17 | Updated for enhanced format presentation with no changes to content |

Affected Products

Connectrix MDS-Series, Connectrix MDS-9124, Connectrix MDS-9124V, Connectrix MDS-9132T, Connectrix MDS-9148S, Connectrix MDS-9148T, Connectrix MDS-9148V, Connectrix MDS-9220i, Connectrix MDS-9250i, Connectrix MDS-9396T, Connectrix MDS-9396V, Connectrix MDS-9706, Connectrix MDS-9706-V2, Connectrix MDS-9710, Connectrix MDS-9710-V2, Connectrix MDS-9718, Connectrix MDS-9718-V3, Connectrix MDS-Series Hardware ...
Article Properties
Article Number: 000228917
Article Type: Dell Security Advisory
Last Modified: 18 Feb. 2025