01-15-2025 07:43 AM - last edited on 01-16-2025 03:31 AM by support_s
iLO Amplifier Pack - flagged vulnerability - CVE-2023-38408.
Hello,
We had a vulnerability scan in the environment and it flagged the iLO Amp Pack IP address against CVE-2023-38408.
See details below, please:
Summary
OpenBSD OpenSSH is prone to a remote code execution (RCE) vulnerability in OpenSSH's forwarded ssh-agent.
Related CVE
CVE-2023-38408
Vulnerability Detection Result
Installed version: 7.9p1
Fixed version: 9.3p2
Installation path / port: 22/tcp
Solution
Update to version 9.3p2 or later.
Vulnerability Insight
A condition where specific libraries loaded via ssh-agent(1)'s PKCS#11 support could be abused to achieve remote code execution via a forwarded agent socket.
Vulnerability Detection Method
Checks if a vulnerable version is present on the target host.
Details: OpenBSD OpenSSH < 9.3p2 RCE Vulnerability (OID: 1.3.6.1.4.1.25623.1.0.104869)
Version used: 2023-10-13T05:06:10Z
References
Our iLO Amp Pack version is 2.23 build 1
Does it still apply to iLO Amp Pack and what can we do to mitigate it, please?
Thank you,
Sham
01-15-2025 10:26 PM
Re: iLO Amplifier Pack - flagged vulnerability - CVE-2023-38408.
Hi ShamVMH
Please use this link to get details about iLO Amplifier Pack and details of how to migrate to a newer version.
Thanks and Regards,
Manoj.
I work at HPE
HPE Support Center offers support for your HPE services and products when and how you need it. Get started with HPE Support Center today.
[Any personal opinions expressed are mine, and not official statements on behalf of Hewlett Packard Enterprise]

01-16-2025 06:19 AM - last edited on 01-16-2025 09:34 PM by Sunitha_Mod
Re: iLO Amplifier Pack - flagged vulnerability - CVE-2023-38408.
Hi Manoj,
Thank you for the link to the document.
We are on the latest update - version: 2.23.
Can you advise on the vulnerability, please?
The other option is to disable SSH but I can't find it in the web interface.
Thank you,
Sham
01-29-2025 04:36 AM
Re: iLO Amplifier Pack - flagged vulnerability - CVE-2023-38408.
Hi Sham,
Your vulnerability scan flagged iLO Amplifier Pack version 2.23 build 1 for CVE-2023-38408, related to OpenSSH 7.9p1, which has a remote code execution risk via forwarded ssh-agent.
- You are already on the latest version (2.23), but HPE may release a future update addressing this vulnerability.
- If possible, disable SSH.
- If disabling SSH isn’t possible, configure your firewall to block incoming connections on port 22.
- Since this is the latest version, reach out to HPE Support for confirmation on whether a fix is planned.
By applying these steps, you can reduce exposure to the vulnerability while waiting for an official patch.
Let me know how it goes.
01-30-2025 08:06 AM
Re: iLO Amplifier Pack - flagged vulnerability - CVE-2023-38408.
Hello,
Thank you for going back to me.
I am happy to disable SSH - can you advise if this is possible on iLO Amplifier appliance as I haven't seen this option in the web interface?
If this is not possible I will try to block it on the firewall.
I will try opening a case with HPE support as well.
Thank you.
01-30-2025 11:59 PM
Re: iLO Amplifier Pack - flagged vulnerability - CVE-2023-38408.
Disabling SSH on the iLO Amplifier Pack is a prudent step to mitigate the CVE-2023-38408 vulnerability. However, as you've noted, the web interface does not provide an option to disable SSH. Additionally, the available user guides do not offer specific instructions for this action.
Since disabling SSH directly on the iLO Amplifier Pack isn't feasible through the web interface, you can configure your network firewall to block incoming connections on port 22, which is used for SSH. This approach effectively prevents SSH access to the appliance.
If not, please go ahead and log a support case; they will help further.
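Added example, not part of the original thread and not HPE or scanner vendor code: a Python sketch of the version-only check the scan report describes, which also shows from the scanning host whether a firewall block on port 22 has taken effect. The function names and sample banners are constructed for illustration; comparing the banner reports only the advertised version string and cannot show whether a vendor build carries a fix.

```python
import re
import socket
import sys

FIXED = (9, 3, 0, 2)  # 9.3p2, the "Fixed version" in the scan report

# RFC 4253 identification string: SSH-protoversion-softwareversion [SP comments]
_OPENSSH = re.compile(r"^SSH-\d+\.\d+-OpenSSH_(\d+)\.(\d+)(?:\.(\d+))?(?:p(\d+))?")


def parse_openssh_version(banner):
    """Return (major, minor, patch, portable) or None if not an OpenSSH banner."""
    m = _OPENSSH.match(banner)
    if not m:
        return None
    return tuple(int(g) if g else 0 for g in m.groups())


def read_banner(host, port=22, timeout=5.0):
    """Return the server's SSH identification line, or None if unreachable."""
    try:
        with socket.create_connection((host, port), timeout=timeout) as sock:
            with sock.makefile("rb") as stream:
                for _ in range(20):  # servers may send other lines first
                    line = stream.readline(512)
                    if not line:
                        break
                    text = line.decode("ascii", "replace").strip()
                    if text.startswith("SSH-"):
                        return text
    except OSError:  # refused, filtered (timeout), or no route
        pass
    return None


def assess(banner):
    """Classify a banner the way a version-only scanner check would."""
    if banner is None:
        return "unreachable"      # e.g. port 22 blocked at the firewall
    version = parse_openssh_version(banner)
    if version is None:
        return "unknown-server"
    return "flagged" if version < FIXED else "not-flagged"


if __name__ == "__main__":
    # Constructed sample banners; pass a hostname to probe a live appliance.
    for sample in ("SSH-2.0-OpenSSH_7.9p1", "SSH-2.0-OpenSSH_9.3p2"):
        print(sample, "->", assess(sample))
    for host in sys.argv[1:]:
        print(host, "->", assess(read_banner(host)))
```

Run it from the same network segment as the scanner: a result of "unreachable" after the firewall change means the scanner can no longer read the banner on 22/tcp.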
01-31-2025 12:55 AM
Re: iLO Amplifier Pack - flagged vulnerability - CVE-2023-38408.
Yes, the CVE-2023-38408 vulnerability issue is addressed in iLO Amplifier 2.23.
I work at HPE
02-10-2025 01:23 AM
Query: iLO Amplifier Pack - flagged vulnerability - CVE-2023-38408.
Hello,
Let us know if you were able to resolve the issue.
If you are satisfied with the answers then kindly click the "Accept As Solution" button for the most helpful response so that it is beneficial to all community members.
Please click on "Thumbs Up/Kudo" icon to give a "Kudo".