Medium
iDRAC8 and iDRAC9 OpenSSH vulnerability
Third-party Component | CVEs | More Information |
---|---|---|
OpenSSH | CVE-2023-48795 | See the NVD link below for individual scores for each CVE. https://nvd.nist.gov/ |
CVEs Addressed | Product | Affected Versions | Remediated Versions | Link |
---|---|---|---|---|
CVE-2023-48795 | iDRAC9 | Versions prior to 7.00.00.171 | Version 7.00.00.171 or later | iDRAC9 for 14th Generation PowerEdge Rx4xx/ Cx4xx |
CVE-2023-48795 | iDRAC9 | Versions prior to 7.10.30.05 | Version 7.10.30.05 or later | iDRAC9 for 16th Generation PowerEdge Rx6xx |
CVE-2023-48795 | iDRAC9 | Versions prior to 7.10.50.00 | Version 7.10.50.00 or later | iDRAC9 for 15th and 16th Generation PowerEdge |
CVE-2023-48795 | iDRAC8 | Versions prior to 2.86.86.86 | Version 2.86.86.86 or later | iDRAC8 for 13th Generation PowerEdge |
CVE ID | Workaround and Mitigation |
---|---|
CVE-2023-48795 | For iDRAC9 mitigation, use the command below to update the SSH crypto ciphers using the iDRAC racadm interface: `racadm>>set idrac.sshcrypto.ciphers aes128-gcm@openssh.com,aes256-gcm@openssh.com` Ensure that you use an SSH client that supports one or more of the ciphers above. More details can be found in the iDRAC9 User Guide. |
CVE-2023-48795 | For an iDRAC8 workaround, disable SSH on iDRAC. This can be done in the iDRAC Web interface by going to Overview > iDRAC Settings > Network > Services. More details can be found in the iDRAC8 User Guide. |
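
To confirm that the iDRAC9 cipher change above took effect, the server's SSH_MSG_KEXINIT payload can be parsed and its cipher lists compared against the two ciphers in the mitigation. The following is an added example, not Dell code: the function names are illustrative, the sample payloads are constructed, and it assumes the unencrypted KEXINIT payload has already been taken from a packet capture with the SSH packet framing removed.

```python
import struct

# The two ciphers named in the advisory's iDRAC9 mitigation.
ALLOWED = {"aes128-gcm@openssh.com", "aes256-gcm@openssh.com"}
SSH_MSG_KEXINIT = 20
# Order of the ten name-lists in SSH_MSG_KEXINIT (RFC 4253, section 7.1).
FIELDS = ("kex", "host_key", "enc_c2s", "enc_s2c", "mac_c2s", "mac_s2c",
          "comp_c2s", "comp_s2c", "lang_c2s", "lang_s2c")

def parse_kexinit(payload: bytes) -> dict:
    """Split an unencrypted SSH_MSG_KEXINIT payload into its name-lists."""
    if len(payload) < 17 or payload[0] != SSH_MSG_KEXINIT:
        raise ValueError("not an SSH_MSG_KEXINIT payload")
    pos, lists = 17, {}  # skip the message type byte and 16-byte cookie
    for field in FIELDS:
        if pos + 4 > len(payload):
            raise ValueError("truncated name-list length")
        (size,) = struct.unpack_from(">I", payload, pos)
        pos += 4
        if pos + size > len(payload):
            raise ValueError("truncated name-list")
        raw = payload[pos:pos + size].decode("ascii")
        lists[field] = raw.split(",") if raw else []
        pos += size
    return lists

def ciphers_outside_mitigation(payload: bytes) -> list:
    """Ciphers offered in either direction that are not in ALLOWED."""
    lists = parse_kexinit(payload)
    return sorted((set(lists["enc_c2s"]) | set(lists["enc_s2c"])) - ALLOWED)

def build_kexinit(ciphers: list) -> bytes:
    """Constructed test input: KEXINIT with only the cipher lists filled."""
    body = b""
    for field in FIELDS:
        names = ciphers if field.startswith("enc_") else []
        data = ",".join(names).encode("ascii")
        body += struct.pack(">I", len(data)) + data
    # type, zero cookie, name-lists, first_kex_packet_follows, reserved
    return bytes([SSH_MSG_KEXINIT]) + bytes(16) + body + b"\x00" + bytes(4)

# Constructed cipher lists, not captured from a real iDRAC.
BEFORE = build_kexinit(["chacha20-poly1305@openssh.com", "aes128-ctr",
                        "aes128-gcm@openssh.com"])
AFTER = build_kexinit(sorted(ALLOWED))

if __name__ == "__main__":
    print("before:", ciphers_outside_mitigation(BEFORE))
    print("after: ", ciphers_outside_mitigation(AFTER))
```

An empty result means the server offers only the ciphers set by the racadm command; any name returned is a cipher still being offered.
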
Revision | Date | Description |
---|---|---|
1.0 | 2024-01-29 | Initial Release |
2.0 | 2024-01-30 | Format update and adding regulatory external redirection icon |
3.0 | 2024-02-26 | Enhanced content for increased usefulness, product categories, applicability, and updated remediation table |
4.0 | 2024-04-05 | Added remediation information for iDRAC8. |
5.0 | 2024-04-08 | Updated for enhanced presentation with no changes to content |
6.0 | 2024-04-10 | Added iDRAC9 version for PowerEdge 16th Generation. |
7.0 | 2024-04-25 | Added a "NOTE" to provide more information for 15th and 16th Generation coverage. |
8.0 | 2024-05-22 | Updated for enhanced presentation with no changes to content |
9.0 | 2024-06-13 | Updated for enhanced presentation with no changes to content |
10.0 | 2024-06-22 | Updated for enhanced presentation with no changes to content |
11.0 | 2024-06-22 | Updated for enhanced presentation with no changes to content |
12.0 | 2024-06-26 | Added remediation information for iDRAC9 15th and 16th Generation. |
13.0 | 2024-11-01 | Format change with no content update. |