DSA-2024-233: Security Update for Dell Connectrix Cisco MDS 9000 Series Multiple Third-Party Component Vulnerabilities

摘要: Dell Connectrix Cisco MDS 9000 Series remediation is available for multiple security vulnerabilities that could be exploited by malicious users to compromise the affected system.

受影響的產品

本文章適用於本文章不適用於本文無關於任何特定產品。本文未識別所有產品版本。

影響

High

詳細資料

Third-party Component	CVEs	More Information
Novel Terrapin (SSH Channel)	CVE-2023-48795	Cisco Bug ID for CVE-2023-48795
CLI	CVE-2024-20399	Cisco Security Advisory for CVE-2024-20399

Dell Technologies 建議所有客戶不僅要參考 CVSS 基本分數，也要將可能會影響與特定安全漏洞相關之潛在嚴重性的所有相關暫時和環境分數納入考量。

受影響的產品與補救措施

CVEs Addressed	Product	Software/Firmware	Affected Versions	Remediated Versions	Link
CVE-2023-48795	Connectrix MDS-9124v	NX-OS	Versions prior to 9.4(2a)	Version 9.4(2a) or later	Support for Connectrix MDS-9124V \| Drivers & Downloads
CVE-2023-48795	Connectrix MDS-9148v	NX-OS	Versions prior to 9.4(2a)	Version 9.4(2a) or later	Support for Connectrix MDS-9148V \| Drivers & Downloads
CVE-2023-48795	Connectrix MDS-9396v	NX-OS	Versions prior to 9.4(2a)	Version 9.4(2a) or later	Support for Connectrix MDS-9396V \| Drivers & Downloads
CVE-2023-48795	Connectrix MDS-9706-V2	NX-OS	Versions prior to 9.4(2a)	Version 9.4(2a) or later	Support for Connectrix MDS-9706-V2 \| Drivers & Downloads
CVE-2023-48795	Connectrix MDS-9710-V2	NX-OS	Versions prior to 9.4(2a)	Version 9.4(2a) or later	Support for Connectrix MDS-9710-V2 \| Drivers & Downloads
CVE-2023-48795	Connectrix MDS-9718-V3	NX-OS	Versions prior to 9.4(2a)	Version 9.4(2a) or later	Support for Connectrix MDS-9718-V3 \| Drivers & Downloads
CVE-2023-48795	Connectrix MDS-9132t	NX-OS	Versions prior to 9.4(2a)	Version 9.4(2a) or later	Support for Connectrix MDS-9132T \| Drivers & Downloads
CVE-2023-48795	Connectrix MDS-9148t	NX-OS	Versions prior to 9.4(2a)	Version 9.4(2a) or later	Support for Connectrix MDS-9148T \| Drivers & Downloads
CVE-2023-48795	Connectrix MDS-9396t	NX-OS	Versions prior to 9.4(2a)	Version 9.4(2a) or later	Support for Connectrix MDS-9396T \| Drivers & Downloads
CVE-2023-48795	Connectrix MDS-9220i	NX-OS	Versions prior to 9.4(2a)	Version 9.4(2a) or later	Support for Connectrix MDS-9220i \| Drivers & Downloads
CVE-2023-48795	Connectrix MDS-9148s	NX-OS	Versions prior to 9.4(2a)	Version 9.4(2a) or later	Support for Connectrix MDS-9148S \| Drivers & Downloads
CVE-2023-48795	Connectrix MDS-9250i	NX-OS	Versions prior to 9.4(2a)	Version 9.4(2a) or later	Support for Connectrix MDS-9250i \| Drivers & Downloads
CVE-2023-48795	Connectrix MDS-9396s	NX-OS	Versions prior to 9.4(2a)	Version 9.4(2a) or later	Support for Connectrix MDS-9396S \| Drivers & Downloads
CVE-2023-48795	Connectrix MDS-9706	NX-OS	Versions prior to 9.4(2a)	Version 9.4(2a) or later	Support for Connectrix MDS-9706 \| Drivers & Downloads
CVE-2023-48795	Connectrix MDS-9710	NX-OS	Versions prior to 9.4(2a)	Version 9.4(2a) or later	Support for Connectrix MDS-9710 \| Drivers & Downloads
CVE-2023-48795	Connectrix MDS-9718	NX-OS	Versions prior to 9.4(2a)	Version 9.4(2a) or later	Support for Connectrix MDS-9718 \| Drivers & Downloads
CVE-2024-20399	Connectrix MDS-9124v	NX-OS	Versions prior to 9.4(2a)	Version 9.4(2a) or later	Support for Connectrix MDS-9124V \| Drivers & Downloads
CVE-2024-20399	Connectrix MDS-9148v	NX-OS	Versions prior to 9.4(2a)	Version 9.4(2a) or later	Support for Connectrix MDS-9148V \| Drivers & Downloads
CVE-2024-20399	Connectrix MDS-9396v	NX-OS	Versions prior to 9.4(2a)	Version 9.4(2a) or later	Support for Connectrix MDS-9396V \| Drivers & Downloads
CVE-2024-20399	Connectrix MDS-9706-V2	NX-OS	Versions prior to 9.4(2a)	Version 9.4(2a) or later	Support for Connectrix MDS-9706-V2 \| Drivers & Downloads
CVE-2024-20399	Connectrix MDS-9710-V2	NX-OS	Versions prior to 9.4(2a)	Version 9.4(2a) or later	Support for Connectrix MDS-9710-V2 \| Drivers & Downloads
CVE-2024-20399	Connectrix MDS-9718-V3	NX-OS	Versions prior to 9.4(2a)	Version 9.4(2a) or later	Support for Connectrix MDS-9718-V3 \| Drivers & Downloads
CVE-2024-20399	Connectrix MDS-9132t	NX-OS	Versions prior to 9.4(2a)	Version 9.4(2a) or later	Support for Connectrix MDS-9132T \| Drivers & Downloads
CVE-2024-20399	Connectrix MDS-9148t	NX-OS	Versions prior to 9.4(2a)	Version 9.4(2a) or later	Support for Connectrix MDS-9148T \| Drivers & Downloads
CVE-2024-20399	Connectrix MDS-9396t	NX-OS	Versions prior to 9.4(2a)	Version 9.4(2a) or later	Support for Connectrix MDS-9396T \| Drivers & Downloads
CVE-2024-20399	Connectrix MDS-9220i	NX-OS	Versions prior to 9.4(2a)	Version 9.4(2a) or later	Support for Connectrix MDS-9220i \| Drivers & Downloads
CVE-2024-20399	Connectrix MDS-9148s	NX-OS	Versions prior to 9.4(2a)	Version 9.4(2a) or later	Support for Connectrix MDS-9148S \| Drivers & Downloads
CVE-2024-20399	Connectrix MDS-9250i	NX-OS	Versions prior to 9.4(2a)	Version 9.4(2a) or later	Support for Connectrix MDS-9250i \| Drivers & Downloads
CVE-2024-20399	Connectrix MDS-9396s	NX-OS	Versions prior to 9.4(2a)	Version 9.4(2a) or later	Support for Connectrix MDS-9396S \| Drivers & Downloads
CVE-2024-20399	Connectrix MDS-9706	NX-OS	Versions prior to 9.4(2a)	Version 9.4(2a) or later	Support for Connectrix MDS-9706 \| Drivers & Downloads
CVE-2024-20399	Connectrix MDS-9710	NX-OS	Versions prior to 9.4(2a)	Version 9.4(2a) or later	Support for Connectrix MDS-9710 \| Drivers & Downloads
CVE-2024-20399	Connectrix MDS-9718	NX-OS	Versions prior to 9.4(2a)	Version 9.4(2a) or later	Support for Connectrix MDS-9718 \| Drivers & Downloads

CVEs Addressed	Product	Software/Firmware	Affected Versions	Remediated Versions	Link
CVE-2023-48795	Connectrix MDS-9124v	NX-OS	Versions prior to 9.4(2a)	Version 9.4(2a) or later	Support for Connectrix MDS-9124V \| Drivers & Downloads
CVE-2023-48795	Connectrix MDS-9148v	NX-OS	Versions prior to 9.4(2a)	Version 9.4(2a) or later	Support for Connectrix MDS-9148V \| Drivers & Downloads
CVE-2023-48795	Connectrix MDS-9396v	NX-OS	Versions prior to 9.4(2a)	Version 9.4(2a) or later	Support for Connectrix MDS-9396V \| Drivers & Downloads
CVE-2023-48795	Connectrix MDS-9706-V2	NX-OS	Versions prior to 9.4(2a)	Version 9.4(2a) or later	Support for Connectrix MDS-9706-V2 \| Drivers & Downloads
CVE-2023-48795	Connectrix MDS-9710-V2	NX-OS	Versions prior to 9.4(2a)	Version 9.4(2a) or later	Support for Connectrix MDS-9710-V2 \| Drivers & Downloads
CVE-2023-48795	Connectrix MDS-9718-V3	NX-OS	Versions prior to 9.4(2a)	Version 9.4(2a) or later	Support for Connectrix MDS-9718-V3 \| Drivers & Downloads
CVE-2023-48795	Connectrix MDS-9132t	NX-OS	Versions prior to 9.4(2a)	Version 9.4(2a) or later	Support for Connectrix MDS-9132T \| Drivers & Downloads
CVE-2023-48795	Connectrix MDS-9148t	NX-OS	Versions prior to 9.4(2a)	Version 9.4(2a) or later	Support for Connectrix MDS-9148T \| Drivers & Downloads
CVE-2023-48795	Connectrix MDS-9396t	NX-OS	Versions prior to 9.4(2a)	Version 9.4(2a) or later	Support for Connectrix MDS-9396T \| Drivers & Downloads
CVE-2023-48795	Connectrix MDS-9220i	NX-OS	Versions prior to 9.4(2a)	Version 9.4(2a) or later	Support for Connectrix MDS-9220i \| Drivers & Downloads
CVE-2023-48795	Connectrix MDS-9148s	NX-OS	Versions prior to 9.4(2a)	Version 9.4(2a) or later	Support for Connectrix MDS-9148S \| Drivers & Downloads
CVE-2023-48795	Connectrix MDS-9250i	NX-OS	Versions prior to 9.4(2a)	Version 9.4(2a) or later	Support for Connectrix MDS-9250i \| Drivers & Downloads
CVE-2023-48795	Connectrix MDS-9396s	NX-OS	Versions prior to 9.4(2a)	Version 9.4(2a) or later	Support for Connectrix MDS-9396S \| Drivers & Downloads
CVE-2023-48795	Connectrix MDS-9706	NX-OS	Versions prior to 9.4(2a)	Version 9.4(2a) or later	Support for Connectrix MDS-9706 \| Drivers & Downloads
CVE-2023-48795	Connectrix MDS-9710	NX-OS	Versions prior to 9.4(2a)	Version 9.4(2a) or later	Support for Connectrix MDS-9710 \| Drivers & Downloads
CVE-2023-48795	Connectrix MDS-9718	NX-OS	Versions prior to 9.4(2a)	Version 9.4(2a) or later	Support for Connectrix MDS-9718 \| Drivers & Downloads
CVE-2024-20399	Connectrix MDS-9124v	NX-OS	Versions prior to 9.4(2a)	Version 9.4(2a) or later	Support for Connectrix MDS-9124V \| Drivers & Downloads
CVE-2024-20399	Connectrix MDS-9148v	NX-OS	Versions prior to 9.4(2a)	Version 9.4(2a) or later	Support for Connectrix MDS-9148V \| Drivers & Downloads
CVE-2024-20399	Connectrix MDS-9396v	NX-OS	Versions prior to 9.4(2a)	Version 9.4(2a) or later	Support for Connectrix MDS-9396V \| Drivers & Downloads
CVE-2024-20399	Connectrix MDS-9706-V2	NX-OS	Versions prior to 9.4(2a)	Version 9.4(2a) or later	Support for Connectrix MDS-9706-V2 \| Drivers & Downloads
CVE-2024-20399	Connectrix MDS-9710-V2	NX-OS	Versions prior to 9.4(2a)	Version 9.4(2a) or later	Support for Connectrix MDS-9710-V2 \| Drivers & Downloads
CVE-2024-20399	Connectrix MDS-9718-V3	NX-OS	Versions prior to 9.4(2a)	Version 9.4(2a) or later	Support for Connectrix MDS-9718-V3 \| Drivers & Downloads
CVE-2024-20399	Connectrix MDS-9132t	NX-OS	Versions prior to 9.4(2a)	Version 9.4(2a) or later	Support for Connectrix MDS-9132T \| Drivers & Downloads
CVE-2024-20399	Connectrix MDS-9148t	NX-OS	Versions prior to 9.4(2a)	Version 9.4(2a) or later	Support for Connectrix MDS-9148T \| Drivers & Downloads
CVE-2024-20399	Connectrix MDS-9396t	NX-OS	Versions prior to 9.4(2a)	Version 9.4(2a) or later	Support for Connectrix MDS-9396T \| Drivers & Downloads
CVE-2024-20399	Connectrix MDS-9220i	NX-OS	Versions prior to 9.4(2a)	Version 9.4(2a) or later	Support for Connectrix MDS-9220i \| Drivers & Downloads
CVE-2024-20399	Connectrix MDS-9148s	NX-OS	Versions prior to 9.4(2a)	Version 9.4(2a) or later	Support for Connectrix MDS-9148S \| Drivers & Downloads
CVE-2024-20399	Connectrix MDS-9250i	NX-OS	Versions prior to 9.4(2a)	Version 9.4(2a) or later	Support for Connectrix MDS-9250i \| Drivers & Downloads
CVE-2024-20399	Connectrix MDS-9396s	NX-OS	Versions prior to 9.4(2a)	Version 9.4(2a) or later	Support for Connectrix MDS-9396S \| Drivers & Downloads
CVE-2024-20399	Connectrix MDS-9706	NX-OS	Versions prior to 9.4(2a)	Version 9.4(2a) or later	Support for Connectrix MDS-9706 \| Drivers & Downloads
CVE-2024-20399	Connectrix MDS-9710	NX-OS	Versions prior to 9.4(2a)	Version 9.4(2a) or later	Support for Connectrix MDS-9710 \| Drivers & Downloads
CVE-2024-20399	Connectrix MDS-9718	NX-OS	Versions prior to 9.4(2a)	Version 9.4(2a) or later	Support for Connectrix MDS-9718 \| Drivers & Downloads

The Affected Products and Remediation table above may not be a comprehensive list of all affected supported versions and may be updated as more information becomes available.

因應措施與緩解措施

CVE ID	Workaround and Mitigation
CVE-2023-48795	Security researchers at Ruhr University Bochum on 18 December 2023 disclosed a protocol level vulnerability which has been assigned a CVE ID of CVE-2023-48795 and was named 'Terrapin Attack'. The NX-OS MDS Software uses CiscoSSH which is derived from OpenSSH and could be vulnerable to CVE-2023-48795 but the Security Impact Rating (SIR) is Low because the security impact of this attack is limited as it only allows deletion of consecutive messages, and deleting most messages at this stage of the protocol prevents user authentication from proceeding. In addition: The attacker needs to be on a privileged position and be able to intercept and modify the SSH initial session setup packet exchange, and The SSH server must either (only one is enough) Offer the chacha20-poly1305@openssh.com as an encryption algorithm or Using an encryption algorithm in CBC mode and an -etm@openssh.com hashing algorithm (and the authors call this combination "vulnerable and MAYBE exploitable"). Conditions: The NX-OS MDS Software does not run AsyncSSH and are not vulnerable to either: CVE-2023-46445 (Rogue Extension Negotiation) and CVE-2023-46446 (Rogue Session Attack). Workaround: If the above conditions are true, disabling the vulnerable combinations would be an effective workaround.

CVE ID

Workaround and Mitigation

CVE-2023-48795

Security researchers at Ruhr University Bochum on 18 December 2023 disclosed a protocol level vulnerability which has been assigned a CVE ID of CVE-2023-48795 and was named 'Terrapin Attack'. The NX-OS MDS Software uses CiscoSSH which is derived from OpenSSH and could be vulnerable to CVE-2023-48795 but the Security Impact Rating (SIR) is Low because the security impact of this attack is limited as it only allows deletion of consecutive messages, and deleting most messages at this stage of the protocol prevents user authentication from proceeding. In addition:

The attacker needs to be on a privileged position and be able to intercept and modify the SSH initial session setup packet exchange, and
The SSH server must either (only one is enough)
- Offer the chacha20-poly1305@openssh.com as an encryption algorithm or
- Using an encryption algorithm in CBC mode *and* an -etm@openssh.com hashing algorithm (and the authors call this combination "vulnerable and MAYBE exploitable").
Conditions: The NX-OS MDS Software does not run AsyncSSH and are not vulnerable to either: CVE-2023-46445 (Rogue Extension Negotiation) and CVE-2023-46446 (Rogue Session Attack).

Workaround: If the above conditions are true, disabling the vulnerable combinations would be an effective workaround.

修訂歷史記錄

Revision	Date	Description
1.0	2024-09-25	Initial Release
2.0	2025-02-17	Updated for enhanced format presentation with no changes to content

法律免責聲明

受影響的產品

Connectrix MDS-Series, Connectrix MDS-Series, Connectrix MDS-9124, Connectrix MDS-9124V, Connectrix MDS-9132T, Connectrix MDS-9148S, Connectrix MDS-9148T, Connectrix MDS-9148V, Connectrix MDS-9220i, Connectrix MDS-9250i, Connectrix MDS-9396T , Connectrix MDS-9396V, Connectrix MDS-9706, Connectrix MDS-9706-V2, Connectrix MDS-9710, Connectrix MDS-9710-V2, Connectrix MDS-9718, Connectrix MDS-9718-V3, Connectrix MDS-Series Hardware ...

文章編號: 000228917

文章類型: Dell Security Advisory

上次修改時間: 18 2月 2025

檢查您的裝置是否在支援服務的涵蓋範圍內。

DSA-2024-233: Security Update for Dell Connectrix Cisco MDS 9000 Series Multiple Third-Party Component Vulnerabilities

摘要: Dell Connectrix Cisco MDS 9000 Series remediation is available for multiple security vulnerabilities that could be exploited by malicious users to compromise the affected system.

影響

詳細資料

受影響的產品與補救措施

因應措施與緩解措施

修訂歷史記錄

相關資訊

法律免責聲明

受影響的產品

影響

詳細資料

受影響的產品與補救措施

因應措施與緩解措施

修訂歷史記錄

相關資訊

法律免責聲明

受影響的產品

文章屬性

向其他 Dell 使用者尋求您問題的答案

支援服務

文章屬性

向其他 Dell 使用者尋求您問題的答案

支援服務

DSA-2024-233: Security Update for Dell Connectrix Cisco MDS 9000 Series Multiple Third-Party Component Vulnerabilities

摘要: Dell Connectrix Cisco MDS 9000 Series remediation is available for multiple security vulnerabilities that could be exploited by malicious users to compromise the affected system.

詳細文章

影響

詳細資料

受影響的產品與補救措施

因應措施與緩解措施

修訂歷史記錄

相關資訊

法律免責聲明

受影響的產品

文章屬性

向其他 Dell 使用者尋求您問題的答案

支援服務

文章屬性

向其他 Dell 使用者尋求您問題的答案

支援服務