Article Number: 000221558
Medium
Third-party Component | CVEs | More Information |
---|---|---|
OpenSSH | CVE-2023-48795 | See NVD link below for individual scores for each CVE. https://nvd.nist.gov/ |
CVEs Addressed | Product | Affected Versions | Remediated Versions | Link |
---|---|---|---|---|
CVE-2023-48795 | iDRAC 9 | Versions prior to 7.00.00.171 | version 7.00.00.171 or later | iDRAC 9 for 14th Generation PowerEdge Rx4xx/ Cx4xx |
CVE-2023-48795 | iDRAC 9 | Versions prior to 7.10.30.05 | version 7.10.30.05 or later | iDRAC 9 for 16th Generation PowerEdge Rx6xx |
CVE-2023-48795 | iDRAC 9 | Versions prior to 7.10.50.00 | version 7.10.50.00 or later | iDRAC 9 for 15th and 16th Generation PowerEdge |
CVE-2023-48795 | iDRAC 8 | Versions prior to 2.86.86.86 | version 2.86.86.86 or later | iDRAC 8 for 13th Generation PowerEdge |
CVE ID | Workaround and Mitigation |
---|---|
CVE-2023-48795 | For iDRAC 9 mitigation, use the command below to update the SSH crypto ciphers using the iDRAC racadm interface: `racadm>>set idrac.sshcrypto.ciphers aes128-gcm@openssh.com,aes256-gcm@openssh.com` Note: Make sure to use an SSH client that supports one or more of the ciphers above. More details can be found in the iDRAC 9 User Guide. |
CVE-2023-48795 | For iDRAC 8 workaround, disable SSH on iDRAC. This can be done in the iDRAC Web interface by navigating to Overview > iDRAC Settings > Network > Services. More details can be found in the iDRAC 8 User Guide. |
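
To confirm the iDRAC 9 cipher mitigation took effect, the cipher list the SSH service advertises in its plaintext SSH_MSG_KEXINIT message can be checked. The following is an added example, not Dell code: it parses a KEXINIT payload and reports the modes CVE-2023-48795 applies to. The payloads are constructed samples, and the function names and the kex and host key values are assumptions for illustration.

```python
import struct

FIELDS = ("kex", "hostkey", "enc_c2s", "enc_s2c", "mac_c2s", "mac_s2c",
          "comp_c2s", "comp_s2c", "lang_c2s", "lang_s2c")
# Cipher list set by the advisory's racadm mitigation command.
MITIGATED = {"aes128-gcm@openssh.com", "aes256-gcm@openssh.com"}

def parse_kexinit(payload):
    """Return the ten name-lists of an SSH_MSG_KEXINIT payload (RFC 4253)."""
    if len(payload) < 17 or payload[0] != 20:   # 20 = SSH_MSG_KEXINIT
        raise ValueError("not an SSH_MSG_KEXINIT payload")
    pos, lists = 17, {}                          # skip type byte + 16-byte cookie
    for field in FIELDS:
        if pos + 4 > len(payload):
            raise ValueError("truncated name-list length")
        (size,) = struct.unpack_from(">I", payload, pos)
        pos += 4
        if pos + size > len(payload):
            raise ValueError("truncated name-list")
        raw = payload[pos:pos + size].decode("ascii")
        lists[field] = raw.split(",") if raw else []
        pos += size
    return lists

def affected_modes(lists):
    """Advertised modes the CVE applies to: ChaCha20-Poly1305, or CBC with an EtM MAC."""
    ciphers = lists["enc_c2s"] + lists["enc_s2c"]
    macs = lists["mac_c2s"] + lists["mac_s2c"]
    found = {c for c in ciphers if c == "chacha20-poly1305@openssh.com"}
    if any(m.endswith("-etm@openssh.com") for m in macs):
        found |= {c for c in ciphers if c.endswith("-cbc")}
    return sorted(found)

def matches_mitigation(lists):
    """True when every advertised cipher is in the advisory's mitigation list."""
    ciphers = set(lists["enc_c2s"] + lists["enc_s2c"])
    return bool(ciphers) and ciphers <= MITIGATED

def build_kexinit(ciphers, macs):
    """Constructed sample payload; kex and host key names are placeholders."""
    values = [["curve25519-sha256"], ["ssh-ed25519"], ciphers, ciphers,
              macs, macs, ["none"], ["none"], [], []]
    body = b"".join(struct.pack(">I", len(s)) + s
                    for s in (",".join(v).encode("ascii") for v in values))
    return bytes([20]) + bytes(16) + body + b"\x00" + bytes(4)

if __name__ == "__main__":
    etm = ["hmac-sha2-256-etm@openssh.com"]
    before = build_kexinit(["chacha20-poly1305@openssh.com", "aes128-cbc", "aes128-ctr"], etm)
    for name, payload in (("before", before), ("after", build_kexinit(sorted(MITIGATED), etm))):
        lists = parse_kexinit(payload)
        print(name, affected_modes(lists), matches_mitigation(lists))
```
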
Revision | Date | Description |
---|---|---|
1.0 | 2024-01-29 | Initial Release |
2.0 | 2024-01-30 | Format update and adding regulatory external redirection icon |
3.0 | 2024-02-26 | Enhanced content for increased usefulness: product categories applicability and updated remediation table |
4.0 | 2024-04-05 | Added remediation information for iDRAC 8 |
5.0 | 2024-04-08 | Updated for enhanced presentation with no changes to content |
6.0 | 2024-04-10 | Added iDRAC9 version for PowerEdge 16th Generation |
7.0 | 2024-04-25 | Added a "NOTE" to provide more information for 15th and 16th Generation coverage |
8.0 | 2024-05-22 | Updated for enhanced presentation with no changes to content. |
9.0 | 2024-06-13 | Updated for enhanced presentation with no changes to content. |
10.0 | 2024-06-22 | Updated for enhanced presentation with no changes to content. |
11.0 | 2024-06-22 | Updated for enhanced presentation with no changes to content. |
12.0 | 2024-06-26 | Added remediation information for iDRAC9 15th and 16th Generation |
26 Jun 2024
Dell Security Advisory