DSA-2024-233: Security Update for Dell Connectrix Cisco MDS 9000 Series Multiple Third-Party Component Vulnerabilities

Sammendrag: Dell Connectrix Cisco MDS 9000 Series remediation is available for multiple security vulnerabilities that could be exploited by malicious users to compromise the affected system.

Berørte produkter og utbedring

Endelige og midlertidige løsninger

Berørte produkter

Denne artikkelen gjelder for Denne artikkelen gjelder ikke for Denne artikkelen er ikke knyttet til noe bestemt produkt. Det er ikke produktversjonene som identifiseres i denne artikkelen.

Ta en titt på andre ressurser

Påvirkning

High

Detaljer

Third-party Component	CVEs	More Information
Novel Terrapin (SSH Channel)	CVE-2023-48795	Cisco Bug ID for CVE-2023-48795
CLI	CVE-2024-20399	Cisco Security Advisory for CVE-2024-20399

Dell Technologies anbefaler at alle kunder tar hensyn til både grunnpoengsummen og alle relevante, midlertidige og miljømessige resultater som kan påvirke den potensielle alvorlighetsgraden knyttet til bestemte sikkerhetsproblemer.

Berørte produkter og utbedring

CVEs Addressed	Product	Software/Firmware	Affected Versions	Remediated Versions	Link
CVE-2023-48795	Connectrix MDS-9124v	NX-OS	Versions prior to 9.4(2a)	Version 9.4(2a) or later	Support for Connectrix MDS-9124V \| Drivers & Downloads
CVE-2023-48795	Connectrix MDS-9148v	NX-OS	Versions prior to 9.4(2a)	Version 9.4(2a) or later	Support for Connectrix MDS-9148V \| Drivers & Downloads
CVE-2023-48795	Connectrix MDS-9396v	NX-OS	Versions prior to 9.4(2a)	Version 9.4(2a) or later	Support for Connectrix MDS-9396V \| Drivers & Downloads
CVE-2023-48795	Connectrix MDS-9706-V2	NX-OS	Versions prior to 9.4(2a)	Version 9.4(2a) or later	Support for Connectrix MDS-9706-V2 \| Drivers & Downloads
CVE-2023-48795	Connectrix MDS-9710-V2	NX-OS	Versions prior to 9.4(2a)	Version 9.4(2a) or later	Support for Connectrix MDS-9710-V2 \| Drivers & Downloads
CVE-2023-48795	Connectrix MDS-9718-V3	NX-OS	Versions prior to 9.4(2a)	Version 9.4(2a) or later	Support for Connectrix MDS-9718-V3 \| Drivers & Downloads
CVE-2023-48795	Connectrix MDS-9132t	NX-OS	Versions prior to 9.4(2a)	Version 9.4(2a) or later	Support for Connectrix MDS-9132T \| Drivers & Downloads
CVE-2023-48795	Connectrix MDS-9148t	NX-OS	Versions prior to 9.4(2a)	Version 9.4(2a) or later	Support for Connectrix MDS-9148T \| Drivers & Downloads
CVE-2023-48795	Connectrix MDS-9396t	NX-OS	Versions prior to 9.4(2a)	Version 9.4(2a) or later	Support for Connectrix MDS-9396T \| Drivers & Downloads
CVE-2023-48795	Connectrix MDS-9220i	NX-OS	Versions prior to 9.4(2a)	Version 9.4(2a) or later	Support for Connectrix MDS-9220i \| Drivers & Downloads
CVE-2023-48795	Connectrix MDS-9148s	NX-OS	Versions prior to 9.4(2a)	Version 9.4(2a) or later	Support for Connectrix MDS-9148S \| Drivers & Downloads
CVE-2023-48795	Connectrix MDS-9250i	NX-OS	Versions prior to 9.4(2a)	Version 9.4(2a) or later	Support for Connectrix MDS-9250i \| Drivers & Downloads
CVE-2023-48795	Connectrix MDS-9396s	NX-OS	Versions prior to 9.4(2a)	Version 9.4(2a) or later	Support for Connectrix MDS-9396S \| Drivers & Downloads
CVE-2023-48795	Connectrix MDS-9706	NX-OS	Versions prior to 9.4(2a)	Version 9.4(2a) or later	Support for Connectrix MDS-9706 \| Drivers & Downloads
CVE-2023-48795	Connectrix MDS-9710	NX-OS	Versions prior to 9.4(2a)	Version 9.4(2a) or later	Support for Connectrix MDS-9710 \| Drivers & Downloads
CVE-2023-48795	Connectrix MDS-9718	NX-OS	Versions prior to 9.4(2a)	Version 9.4(2a) or later	Support for Connectrix MDS-9718 \| Drivers & Downloads
CVE-2024-20399	Connectrix MDS-9124v	NX-OS	Versions prior to 9.4(2a)	Version 9.4(2a) or later	Support for Connectrix MDS-9124V \| Drivers & Downloads
CVE-2024-20399	Connectrix MDS-9148v	NX-OS	Versions prior to 9.4(2a)	Version 9.4(2a) or later	Support for Connectrix MDS-9148V \| Drivers & Downloads
CVE-2024-20399	Connectrix MDS-9396v	NX-OS	Versions prior to 9.4(2a)	Version 9.4(2a) or later	Support for Connectrix MDS-9396V \| Drivers & Downloads
CVE-2024-20399	Connectrix MDS-9706-V2	NX-OS	Versions prior to 9.4(2a)	Version 9.4(2a) or later	Support for Connectrix MDS-9706-V2 \| Drivers & Downloads
CVE-2024-20399	Connectrix MDS-9710-V2	NX-OS	Versions prior to 9.4(2a)	Version 9.4(2a) or later	Support for Connectrix MDS-9710-V2 \| Drivers & Downloads
CVE-2024-20399	Connectrix MDS-9718-V3	NX-OS	Versions prior to 9.4(2a)	Version 9.4(2a) or later	Support for Connectrix MDS-9718-V3 \| Drivers & Downloads
CVE-2024-20399	Connectrix MDS-9132t	NX-OS	Versions prior to 9.4(2a)	Version 9.4(2a) or later	Support for Connectrix MDS-9132T \| Drivers & Downloads
CVE-2024-20399	Connectrix MDS-9148t	NX-OS	Versions prior to 9.4(2a)	Version 9.4(2a) or later	Support for Connectrix MDS-9148T \| Drivers & Downloads
CVE-2024-20399	Connectrix MDS-9396t	NX-OS	Versions prior to 9.4(2a)	Version 9.4(2a) or later	Support for Connectrix MDS-9396T \| Drivers & Downloads
CVE-2024-20399	Connectrix MDS-9220i	NX-OS	Versions prior to 9.4(2a)	Version 9.4(2a) or later	Support for Connectrix MDS-9220i \| Drivers & Downloads
CVE-2024-20399	Connectrix MDS-9148s	NX-OS	Versions prior to 9.4(2a)	Version 9.4(2a) or later	Support for Connectrix MDS-9148S \| Drivers & Downloads
CVE-2024-20399	Connectrix MDS-9250i	NX-OS	Versions prior to 9.4(2a)	Version 9.4(2a) or later	Support for Connectrix MDS-9250i \| Drivers & Downloads
CVE-2024-20399	Connectrix MDS-9396s	NX-OS	Versions prior to 9.4(2a)	Version 9.4(2a) or later	Support for Connectrix MDS-9396S \| Drivers & Downloads
CVE-2024-20399	Connectrix MDS-9706	NX-OS	Versions prior to 9.4(2a)	Version 9.4(2a) or later	Support for Connectrix MDS-9706 \| Drivers & Downloads
CVE-2024-20399	Connectrix MDS-9710	NX-OS	Versions prior to 9.4(2a)	Version 9.4(2a) or later	Support for Connectrix MDS-9710 \| Drivers & Downloads
CVE-2024-20399	Connectrix MDS-9718	NX-OS	Versions prior to 9.4(2a)	Version 9.4(2a) or later	Support for Connectrix MDS-9718 \| Drivers & Downloads

CVEs Addressed	Product	Software/Firmware	Affected Versions	Remediated Versions	Link
CVE-2023-48795	Connectrix MDS-9124v	NX-OS	Versions prior to 9.4(2a)	Version 9.4(2a) or later	Support for Connectrix MDS-9124V \| Drivers & Downloads
CVE-2023-48795	Connectrix MDS-9148v	NX-OS	Versions prior to 9.4(2a)	Version 9.4(2a) or later	Support for Connectrix MDS-9148V \| Drivers & Downloads
CVE-2023-48795	Connectrix MDS-9396v	NX-OS	Versions prior to 9.4(2a)	Version 9.4(2a) or later	Support for Connectrix MDS-9396V \| Drivers & Downloads
CVE-2023-48795	Connectrix MDS-9706-V2	NX-OS	Versions prior to 9.4(2a)	Version 9.4(2a) or later	Support for Connectrix MDS-9706-V2 \| Drivers & Downloads
CVE-2023-48795	Connectrix MDS-9710-V2	NX-OS	Versions prior to 9.4(2a)	Version 9.4(2a) or later	Support for Connectrix MDS-9710-V2 \| Drivers & Downloads
CVE-2023-48795	Connectrix MDS-9718-V3	NX-OS	Versions prior to 9.4(2a)	Version 9.4(2a) or later	Support for Connectrix MDS-9718-V3 \| Drivers & Downloads
CVE-2023-48795	Connectrix MDS-9132t	NX-OS	Versions prior to 9.4(2a)	Version 9.4(2a) or later	Support for Connectrix MDS-9132T \| Drivers & Downloads
CVE-2023-48795	Connectrix MDS-9148t	NX-OS	Versions prior to 9.4(2a)	Version 9.4(2a) or later	Support for Connectrix MDS-9148T \| Drivers & Downloads
CVE-2023-48795	Connectrix MDS-9396t	NX-OS	Versions prior to 9.4(2a)	Version 9.4(2a) or later	Support for Connectrix MDS-9396T \| Drivers & Downloads
CVE-2023-48795	Connectrix MDS-9220i	NX-OS	Versions prior to 9.4(2a)	Version 9.4(2a) or later	Support for Connectrix MDS-9220i \| Drivers & Downloads
CVE-2023-48795	Connectrix MDS-9148s	NX-OS	Versions prior to 9.4(2a)	Version 9.4(2a) or later	Support for Connectrix MDS-9148S \| Drivers & Downloads
CVE-2023-48795	Connectrix MDS-9250i	NX-OS	Versions prior to 9.4(2a)	Version 9.4(2a) or later	Support for Connectrix MDS-9250i \| Drivers & Downloads
CVE-2023-48795	Connectrix MDS-9396s	NX-OS	Versions prior to 9.4(2a)	Version 9.4(2a) or later	Support for Connectrix MDS-9396S \| Drivers & Downloads
CVE-2023-48795	Connectrix MDS-9706	NX-OS	Versions prior to 9.4(2a)	Version 9.4(2a) or later	Support for Connectrix MDS-9706 \| Drivers & Downloads
CVE-2023-48795	Connectrix MDS-9710	NX-OS	Versions prior to 9.4(2a)	Version 9.4(2a) or later	Support for Connectrix MDS-9710 \| Drivers & Downloads
CVE-2023-48795	Connectrix MDS-9718	NX-OS	Versions prior to 9.4(2a)	Version 9.4(2a) or later	Support for Connectrix MDS-9718 \| Drivers & Downloads
CVE-2024-20399	Connectrix MDS-9124v	NX-OS	Versions prior to 9.4(2a)	Version 9.4(2a) or later	Support for Connectrix MDS-9124V \| Drivers & Downloads
CVE-2024-20399	Connectrix MDS-9148v	NX-OS	Versions prior to 9.4(2a)	Version 9.4(2a) or later	Support for Connectrix MDS-9148V \| Drivers & Downloads
CVE-2024-20399	Connectrix MDS-9396v	NX-OS	Versions prior to 9.4(2a)	Version 9.4(2a) or later	Support for Connectrix MDS-9396V \| Drivers & Downloads
CVE-2024-20399	Connectrix MDS-9706-V2	NX-OS	Versions prior to 9.4(2a)	Version 9.4(2a) or later	Support for Connectrix MDS-9706-V2 \| Drivers & Downloads
CVE-2024-20399	Connectrix MDS-9710-V2	NX-OS	Versions prior to 9.4(2a)	Version 9.4(2a) or later	Support for Connectrix MDS-9710-V2 \| Drivers & Downloads
CVE-2024-20399	Connectrix MDS-9718-V3	NX-OS	Versions prior to 9.4(2a)	Version 9.4(2a) or later	Support for Connectrix MDS-9718-V3 \| Drivers & Downloads
CVE-2024-20399	Connectrix MDS-9132t	NX-OS	Versions prior to 9.4(2a)	Version 9.4(2a) or later	Support for Connectrix MDS-9132T \| Drivers & Downloads
CVE-2024-20399	Connectrix MDS-9148t	NX-OS	Versions prior to 9.4(2a)	Version 9.4(2a) or later	Support for Connectrix MDS-9148T \| Drivers & Downloads
CVE-2024-20399	Connectrix MDS-9396t	NX-OS	Versions prior to 9.4(2a)	Version 9.4(2a) or later	Support for Connectrix MDS-9396T \| Drivers & Downloads
CVE-2024-20399	Connectrix MDS-9220i	NX-OS	Versions prior to 9.4(2a)	Version 9.4(2a) or later	Support for Connectrix MDS-9220i \| Drivers & Downloads
CVE-2024-20399	Connectrix MDS-9148s	NX-OS	Versions prior to 9.4(2a)	Version 9.4(2a) or later	Support for Connectrix MDS-9148S \| Drivers & Downloads
CVE-2024-20399	Connectrix MDS-9250i	NX-OS	Versions prior to 9.4(2a)	Version 9.4(2a) or later	Support for Connectrix MDS-9250i \| Drivers & Downloads
CVE-2024-20399	Connectrix MDS-9396s	NX-OS	Versions prior to 9.4(2a)	Version 9.4(2a) or later	Support for Connectrix MDS-9396S \| Drivers & Downloads
CVE-2024-20399	Connectrix MDS-9706	NX-OS	Versions prior to 9.4(2a)	Version 9.4(2a) or later	Support for Connectrix MDS-9706 \| Drivers & Downloads
CVE-2024-20399	Connectrix MDS-9710	NX-OS	Versions prior to 9.4(2a)	Version 9.4(2a) or later	Support for Connectrix MDS-9710 \| Drivers & Downloads
CVE-2024-20399	Connectrix MDS-9718	NX-OS	Versions prior to 9.4(2a)	Version 9.4(2a) or later	Support for Connectrix MDS-9718 \| Drivers & Downloads

The Affected Products and Remediation table above may not be a comprehensive list of all affected supported versions and may be updated as more information becomes available.

Endelige og midlertidige løsninger

CVE ID	Workaround and Mitigation
CVE-2023-48795	Security researchers at Ruhr University Bochum on 18 December 2023 disclosed a protocol level vulnerability which has been assigned a CVE ID of CVE-2023-48795 and was named 'Terrapin Attack'. The NX-OS MDS Software uses CiscoSSH which is derived from OpenSSH and could be vulnerable to CVE-2023-48795 but the Security Impact Rating (SIR) is Low because the security impact of this attack is limited as it only allows deletion of consecutive messages, and deleting most messages at this stage of the protocol prevents user authentication from proceeding. In addition: The attacker needs to be on a privileged position and be able to intercept and modify the SSH initial session setup packet exchange, and The SSH server must either (only one is enough) Offer the chacha20-poly1305@openssh.com as an encryption algorithm or Using an encryption algorithm in CBC mode and an -etm@openssh.com hashing algorithm (and the authors call this combination "vulnerable and MAYBE exploitable"). Conditions: The NX-OS MDS Software does not run AsyncSSH and are not vulnerable to either: CVE-2023-46445 (Rogue Extension Negotiation) and CVE-2023-46446 (Rogue Session Attack). Workaround: If the above conditions are true, disabling the vulnerable combinations would be an effective workaround.

CVE ID

Workaround and Mitigation

CVE-2023-48795

Security researchers at Ruhr University Bochum on 18 December 2023 disclosed a protocol level vulnerability which has been assigned a CVE ID of CVE-2023-48795 and was named 'Terrapin Attack'. The NX-OS MDS Software uses CiscoSSH which is derived from OpenSSH and could be vulnerable to CVE-2023-48795 but the Security Impact Rating (SIR) is Low because the security impact of this attack is limited as it only allows deletion of consecutive messages, and deleting most messages at this stage of the protocol prevents user authentication from proceeding. In addition:

The attacker needs to be on a privileged position and be able to intercept and modify the SSH initial session setup packet exchange, and
The SSH server must either (only one is enough)
- Offer the chacha20-poly1305@openssh.com as an encryption algorithm or
- Using an encryption algorithm in CBC mode *and* an -etm@openssh.com hashing algorithm (and the authors call this combination "vulnerable and MAYBE exploitable").
Conditions: The NX-OS MDS Software does not run AsyncSSH and are not vulnerable to either: CVE-2023-46445 (Rogue Extension Negotiation) and CVE-2023-46446 (Rogue Session Attack).

Workaround: If the above conditions are true, disabling the vulnerable combinations would be an effective workaround.

Endringshistorikk

Revision	Date	Description
1.0	2024-09-25	Initial Release
2.0	2025-02-17	Updated for enhanced format presentation with no changes to content

Relatert informasjon

Juridisk ansvarsfraskrivelse

Berørte produkter

Connectrix MDS-Series, Connectrix MDS-Series, Connectrix MDS-9124, Connectrix MDS-9124V, Connectrix MDS-9132T, Connectrix MDS-9148S, Connectrix MDS-9148T, Connectrix MDS-9148V, Connectrix MDS-9220i, Connectrix MDS-9250i, Connectrix MDS-9396T , Connectrix MDS-9396V, Connectrix MDS-9706, Connectrix MDS-9706-V2, Connectrix MDS-9710, Connectrix MDS-9710-V2, Connectrix MDS-9718, Connectrix MDS-9718-V3, Connectrix MDS-Series Hardware ...

Artikkelnummer: 000228917

Artikkeltype: Dell Security Advisory

Sist endret: 18 feb. 2025

Sjekk om enheten din er dekket av støttetjenestene.

DSA-2024-233: Security Update for Dell Connectrix Cisco MDS 9000 Series Multiple Third-Party Component Vulnerabilities

Sammendrag: Dell Connectrix Cisco MDS 9000 Series remediation is available for multiple security vulnerabilities that could be exploited by malicious users to compromise the affected system.

Påvirkning

Detaljer

Berørte produkter og utbedring

Endelige og midlertidige løsninger

Endringshistorikk

Relatert informasjon

Juridisk ansvarsfraskrivelse

Berørte produkter

Påvirkning

Detaljer

Berørte produkter og utbedring

Endelige og midlertidige løsninger

Endringshistorikk

Relatert informasjon

Juridisk ansvarsfraskrivelse

Berørte produkter

Artikkelegenskaper

Få svar på spørsmålene dine fra andre Dell-brukere

Støttetjenester

Artikkelegenskaper

Få svar på spørsmålene dine fra andre Dell-brukere

Støttetjenester

DSA-2024-233: Security Update for Dell Connectrix Cisco MDS 9000 Series Multiple Third-Party Component Vulnerabilities

Sammendrag: Dell Connectrix Cisco MDS 9000 Series remediation is available for multiple security vulnerabilities that could be exploited by malicious users to compromise the affected system.

Detaljert artikkel

Påvirkning

Detaljer

Berørte produkter og utbedring

Endelige og midlertidige løsninger

Endringshistorikk

Relatert informasjon

Juridisk ansvarsfraskrivelse

Berørte produkter

Artikkelegenskaper

Få svar på spørsmålene dine fra andre Dell-brukere

Støttetjenester

Artikkelegenskaper

Få svar på spørsmålene dine fra andre Dell-brukere

Støttetjenester