
Unsolved


1 Rookie

 • 

2 Posts

1197

July 3rd, 2024 08:13

Is iDRAC ssh impacted by CVE-2024-6387?

Hello everyone,

I was unable to find any mentions about this topic, or ssh versions in iDRAC. Thanks for info.

Regards,
Jan.

Moderator

 • 

3.5K Posts

July 3rd, 2024 19:17

Hello,

I see that you already opened a case with our technical support for this question.

For the moment, the only document that we can share with you is this one:

DSA-2024-021: iDRAC 8 and iDRAC 9 Security Update for CVE-2023-48795 | Dell US

Our technical support is working to provide you a more detailed answer.

Thanks

1 Rookie

 • 

2 Posts

July 4th, 2024 00:13

Hi,

We run a vulnerability scan and I have more than a dozen that failed. What can I do?

Moderator

 • 

3.9K Posts

July 4th, 2024 02:44

Hello, while you didn't specify what those failures are, I recommend that you get in touch with the local support and raise an official ticket through here: https://dell.to/3W56QHL
In the meantime you can also look up yourself here: https://dell.to/3W8IKMp
Respectfully,

1 Rookie

 • 

4 Posts

July 4th, 2024 07:58

Hi all,

Upon running a vulnerability scan on our networks, it seems that iDRAC9 uses OpenSSH 8.6 which seems to be impacted by the CVE. With no official confirmation from Dell, I'd assume the worst and turn off SSH unless you absolutely need it.

There's nothing about this CVE on Dell's security center, it's been a few days since the CVE release...

BR

Tanguy

1 Rookie

 • 

2 Posts

July 4th, 2024 14:00

Hello everyone,

I've got an official statement from Dell support. YES, it is impacted and they are working on it, but not promising anything, not even an official document about it yet. For now the only way to solve it is to disable it.

Thank you all for scanning your machines and info :)
Hope next time we will be informed by Dell and not have to "interrogate" them.

Regards,
Jan.


1 Rookie

 • 

1 Message

July 5th, 2024 13:46

I've been trying to get a case open with Dell as I have this same question. We have turned off SSH on our IDRACs for now, but haven't seen anything from Dell addressing this on the security advisories.

1 Rookie

 • 

2 Posts

July 5th, 2024 15:49

I just chatted with Dell. They will likely release the fix in September. They also recommended turning off SSH on the iDRAC, which is what we will be doing on all our Dell servers.

1 Rookie

 • 

15 Posts

July 9th, 2024 15:54

If you manage many systems with OpenManage, you can select the systems and disable SSH via the 'RACADM CLI' Action.

set iDRAC.SSH.Enable 0

1 Rookie

 • 

1 Message

July 17th, 2024 07:49

Issue resolved in iDRAC FW releases from 24 June 2024 (for example iDRAC 7.00.00.172 for R740c) where OpenSSH_9.6 is embedded.

1 Rookie

 • 

1 Message

July 17th, 2024 12:27

Are you sure about that? Everything I read says that OpenSSH fixed the bug after 9.8p1. It wasn't released until 7/1/2024.
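
An added example, not part of any post in this thread and not Dell's tooling: a Python triage of SSH banner strings against the upstream OpenSSH version ranges published for CVE-2024-6387 (before 4.4p1, and 8.5p1 up to but not including 9.8p1). The host names and banners are constructed samples; a banner shows only the upstream version number, and a vendor build may carry a backported fix, so a result in the affected range still needs vendor confirmation.

```python
import re

# Upstream OpenSSH ranges for CVE-2024-6387 (Qualys advisory):
#   - before 4.4p1 (unless patched for CVE-2006-5051 and CVE-2008-4109)
#   - 8.5p1 up to, but not including, 9.8p1
FIRST_SAFE_OLD = (4, 4)
REINTRODUCED = (8, 5)
FIXED = (9, 8)

# Matches e.g. "SSH-2.0-OpenSSH_8.6" or "SSH-2.0-OpenSSH_9.6p1 Debian-3"
BANNER_RE = re.compile(r"^SSH-\d+\.\d+-OpenSSH_(\d+)\.(\d+)")


def classify(banner):
    """Return 'affected-range', 'outside-range' or 'unknown' for one banner."""
    m = BANNER_RE.match(banner.strip())
    if not m:
        return "unknown"  # not OpenSSH, or the version is hidden
    version = (int(m.group(1)), int(m.group(2)))
    if version < FIRST_SAFE_OLD or REINTRODUCED <= version < FIXED:
        return "affected-range"
    return "outside-range"


def triage(inventory):
    """Map host -> classification for (host, banner) pairs from a scan export."""
    return {host: classify(banner) for host, banner in inventory}


# Constructed sample inventory (hypothetical hosts and banners).
SAMPLE = [
    ("idrac-a.example", "SSH-2.0-OpenSSH_8.6"),
    ("idrac-b.example", "SSH-2.0-OpenSSH_9.6"),
    ("idrac-c.example", "SSH-2.0-OpenSSH_9.8"),
    ("idrac-d.example", "SSH-2.0-OpenSSH_7.4"),
    ("idrac-e.example", "SSH-2.0-dropbear_2022.83"),
]

if __name__ == "__main__":
    for host, verdict in triage(SAMPLE).items():
        print(f"{host}: {verdict}")
```

Hosts reported as `affected-range` are the ones to cover with the `set iDRAC.SSH.Enable 0` workaround mentioned above until the vendor confirms a fixed firmware.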
