Skip to main content
Start a Conversation

Unsolved

I

imeiIanV

2 Posts

67

March 14th, 2024 06:54

CVE-2023-48795 and PowerVault (ME5)

I found and followed guidance from this article for iDRAC for this Terrapin vulnerability.

DSA-2024-021: iDRAC 8 and iDRAC 9 Security Update for CVE-2023-48795 | Dell India

However my scanner shows the same vulnerability for our ME5024's SSH Port.

Is there any information on the resolution for this?

I tried to adapt the instructions, SSH into the ME5, got the active list of ciphers using 'show ciphers' but I can't match the ciphers up.

# show ciphers------------------Active Cipher List------------------ECDHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-RSA-AES256-SHA384:DHE-RSA-AES128-SHA256:DHE-RSA-AES256-SHA256:AES128-GCM-SHA256:AES256-GCM-SHA384:AES256:!ECDHE-RSA-AES256-SHA:!AES256-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!PSK@STRENGTH------------User Ciphers-------------------------------Default Cipher List-------------------ECDHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-RSA-AES256-SHA384:DHE-RSA-AES128-SHA256:DHE-RSA-AES256-SHA256:AES128-GCM-SHA256:AES256-GCM-SHA384:AES256:!ECDHE-RSA-AES256-SHA:!AES256-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!PSK@STRENGTHSuccess: Command completed successfully. (2024-03-14 16:13:25)

But the only cipher that I can't match up is kEDH+AESGCM

DELL-Marco B

Moderator

 • 

3.4K Posts

March 14th, 2024 15:56

Hello,

I don't see the any update for ME5 about this vulnerability, sorry

 

View More

View All

No Events found!

Top