Unsolved
2 Posts
0
67
CVE-2023-48795 and PowerVault (ME5)
I found and followed guidance from this article for iDRAC for this Terrapin vulnerability.
DSA-2024-021: iDRAC 8 and iDRAC 9 Security Update for CVE-2023-48795 | Dell India
However my scanner shows the same vulnerability for our ME5024's SSH Port.
Is there any information on the resolution for this?
I tried to adapt the instructions, SSH into the ME5, got the active list of ciphers using 'show ciphers' but I can't match the ciphers up.
# show ciphers------------------Active Cipher List------------------ECDHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-RSA-AES256-SHA384:DHE-RSA-AES128-SHA256:DHE-RSA-AES256-SHA256:AES128-GCM-SHA256:AES256-GCM-SHA384:AES256:!ECDHE-RSA-AES256-SHA:!AES256-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!PSK@STRENGTH------------User Ciphers-------------------------------Default Cipher List-------------------ECDHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-RSA-AES256-SHA384:DHE-RSA-AES128-SHA256:DHE-RSA-AES256-SHA256:AES128-GCM-SHA256:AES256-GCM-SHA384:AES256:!ECDHE-RSA-AES256-SHA:!AES256-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!PSK@STRENGTHSuccess: Command completed successfully. (2024-03-14 16:13:25)
But the only cipher that I can't match up is kEDH+AESGCM
DELL-Marco B
Moderator
Moderator
•
3.4K Posts
0
March 14th, 2024 15:56
Hello,
I don't see the any update for ME5 about this vulnerability, sorry