Skip to main content
Start a Conversation

Solved!

Go to Solution

szaboistvan007

1 Rookie

 • 

9 Posts

848

September 4th, 2024 13:43

Dell EMC PowerVault ME4024 CVE-2023-48795

Hi there,

Is there any way to fix the terrapin vulnerability for the ME4024?

Thanks,

Istvan

DELL-Charles R

Moderator

 • 

4.7K Posts

September 4th, 2024 18:54

Hello,

 

I did not find that specific ME4 Vulnerability CVE-2023-48795 listed on Dell Security Advisories and Notices:

https://www.dell.com/support/security/

 

The limited information I did find:
 

ME40xx Storage Arrays

 

Vulnerability is exploited with specific ciphers: there is an effective attack against SSH's use of ChaCha20-Poly1305 (and CBC with Encrypt-then-MAC). Mitigations by removal of the ciphers can done on either server side or client side to be effective.

 

For the client side, an end user can remove the two ciphers from the default offered ciphers.

 

For the server side, ME4 firmware G280R014-01 will not be remediated. Products are EOL.

To my knowledge there would be no more update but you may check back periodically to see if anything changes.

There is also a link on that page to Subscribe to Security Alerts.

 

Along with those points, my personal suggestion for anyone dealing with vulnerabilities on EOL systems is to also consider segmenting the network to have an isolated management network. This way the management for their devices and only the workstations that should be managing them will be able to communicate with each other. This would prevent untrusted sources from having access to even attempt to exploit these.

DELL-Charles R

Moderator

 • 

4.7K Posts

September 18th, 2024 17:30

Hello,

 

The PowerVault family of storage systems is still ongoing. The current generation of PowerVault ME Storage is the ME5 series (ME5012, ME5024, ME5084).  The ME4 generation is no longer being sold and GT280R014-01 is intended to be the final firmware release for that generation. 

 

Tech support has asked for the security site to be updated regarding ME4 and CVE-2023-48795. There is a pending request so we are still waiting for all that to be approved in order to post an official document on our Dell Security web page.  

szaboistvan007

1 Rookie

 • 

9 Posts

September 18th, 2024 12:53

@DELL-Charles R​ Can you provide any documentation that this system is EOL? I have checked the documentation from this link: https://www.dell.com/support/kbdoc/en-us/000185734/all-dell-emc-end-of-life-documents?dgc=SM&cid=1595898&lid=spr11864206679&refid=sm_COMMUNITY_spr11864206679&linkId=249530110

However I do not see the ME4024 mentioned.

Thanks,

Istvan

DELL-Charles R

Moderator

 • 

4.7K Posts

September 18th, 2024 13:26

Hello,

 

The ME4024 is not currently listed as EOL. That information I posted was from a storage engineer that told me engineering is still waiting for the approvals to post that it is EOL.

 

I can see if I can find any updated information and let you know.

Kukoc Chang

1 Rookie

 • 

1 Message

November 19th, 2024 00:43

@DELL-Charles R​ 
Hi, Charles
        We have also have same issue.
I would like to know is It possible to get Root password to edit SSH config file to disable affected Cipher and restart SSH service . I suppose this way should be fine to fix the  CVE-2023-48795.
Please advice how to get root password to edit SSH config file. thank you. 

DELL-Joey C

Moderator

 • 

4.1K Posts

November 19th, 2024 03:50

Hi,

 

I don't have the information of the root password to amend SSH file. It's probably better to contact the support line to raise a case on the vulnerability of CVE-2023-48795 which you are concerned about. Engineer will perhaps either develop the newer firmware or to remote into the storage to amend the SSH file as your request. 

Was this post helpful?

View All

Top