iLO Amplifier Pack - flagged vulnerability - CVE-2023-38408.

 
ShamVMH
Occasional Contributor

iLO Amplifier Pack - flagged vulnerability - CVE-2023-38408.

Hello,

We had a vulnerability scan in the environment and it flagged iLO Amp Pack IP address against CVE-2023-38408.

See details below, please:

Summary

OpenBSD OpenSSH is prone to a remote code execution (RCE) vulnerability in OpenSSH's forwarded ssh-agent.

Related CVE

CVE-2023-38408

Vulnerability Detection Result

Installed version: 7.9p1 Fixed version: 9.3p2 Installation path / port: 22/tcp

Solution

Update to version 9.3p2 or later.

Vulnerability Insight

A condition where specific libraries loaded via ssh-agent(1)'s PKCS#11 support could be abused to achieve remote code execution via a forwarded agent socket.

Vulnerability Detection Method

Checks if a vulnerable version is present on the target host. Details: OpenBSD OpenSSH < 9.3p2 RCE Vulnerability (OID: 1.3.6.1.4.1.25623.1.0.104869) Version used: 2023-10-13T05:06:10Z

References

https://www.openssh.com/releasenotes.html#9.3p2
https://www.qualys.com/2023/07/19/cve-2023-38408/rce-openssh-forwarded-ssh-agent.txt

 

Our iLO Amp Pack version is 2.23 build 1

Does it still apply to iLO Amp Pack and what can we do to mitigate it, please?

Thank you,

Sham
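
The scanner's "Vulnerability Detection Method" above is a pure version match: it reads the SSH identification banner on 22/tcp, sees OpenSSH 7.9p1, and compares it with the 9.3p2 release that carries the fix. The Python script below is an added example, not code from the original post or from HPE, that reproduces that check offline against constructed banner strings so the logic can be inspected. It also flags the caveat a practitioner would want: a banner with a vendor suffix (for example an Ubuntu or Debian build string) may come from a package that backported the fix without changing the version, so a version-only match can be a false positive and needs vendor confirmation. The `grab_banner` helper, the sample banners and the suffix heuristic are assumptions for illustration; only the 7.9p1 / 9.3p2 pair comes from the scan result quoted in the thread.

```python
"""Banner-based version check for CVE-2023-38408, mirroring what a version-match
scanner does ("checks if a vulnerable version is present on the target host").

Added example, not code from the original post or from HPE. The banner strings
below are constructed for illustration; only the 7.9p1 / 9.3p2 pair comes from
the scan result quoted in the thread.
"""
import re
import socket

# Version the scanner reports as fixed (OpenSSH 9.3p2 release notes).
FIXED_VERSION = (9, 3, 2)

# SSH identification string, e.g. "SSH-2.0-OpenSSH_7.9p1 Debian-10+deb10u2".
# Groups 1/2: major.minor; group 3: portable patch level ("p1"), which is
# absent on native OpenBSD builds such as "OpenSSH_9.4".
BANNER_RE = re.compile(r"^SSH-[\d.]+-OpenSSH_(\d+)\.(\d+)(?:p(\d+))?")


def parse_openssh_version(banner):
    """Return (major, minor, patch) for an OpenSSH banner, else None."""
    m = BANNER_RE.match(banner.strip())
    if not m:
        return None
    major, minor, patch = m.groups()
    return (int(major), int(minor), int(patch or 0))


def assess(banner):
    """Classify one banner the way a version-match scanner would.

    Returns a dict with:
      version          - parsed tuple, or None for a non-OpenSSH server
      vulnerable       - True if version < FIXED_VERSION
      maybe_backported - True if the banner carries a vendor suffix
                         (e.g. "Ubuntu-3ubuntu0.4"); such builds often ship
                         security fixes without bumping the version, so a
                         version-only match may be a false positive.
    """
    banner = banner.strip()
    version = parse_openssh_version(banner)
    if version is None:
        return {"version": None, "vulnerable": False, "maybe_backported": False}
    m = BANNER_RE.match(banner)
    suffix = banner[m.end():].strip()  # anything after the version token
    return {
        "version": version,
        "vulnerable": version < FIXED_VERSION,
        "maybe_backported": bool(suffix),
    }


def grab_banner(host, port=22, timeout=5.0):
    """Fetch the live identification string from host:port (assumed helper
    for real use; not exercised offline). The server sends its banner first,
    so nothing needs to be written before the read."""
    with socket.create_connection((host, port), timeout=timeout) as s:
        data = s.recv(255)
    return data.decode("ascii", "replace").splitlines()[0] if data else ""


if __name__ == "__main__":
    # Constructed sample banners (not captured from any real appliance).
    samples = [
        "SSH-2.0-OpenSSH_7.9p1",                    # version reported in the thread
        "SSH-2.0-OpenSSH_9.3p2",                    # fixed version
        "SSH-2.0-OpenSSH_8.9p1 Ubuntu-3ubuntu0.4",  # distro build, may be backported
        "SSH-2.0-OpenSSH_9.4",                      # native OpenBSD style, no "pN"
        "SSH-2.0-dropbear_2020.81",                 # not OpenSSH at all
    ]
    for b in samples:
        print(f"{b:45} -> {assess(b)}")
```

Note that the flaw itself sits in ssh-agent's PKCS#11 loading on the client that forwards its agent (see the Qualys reference the scanner cites); what the banner on 22/tcp tells you is only which OpenSSH release the appliance ships, which is why the result still needs confirmation from the vendor rather than from the version string alone.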

GM_M
HPE Pro

Re: iLO Amplifier Pack - flagged vulnerability - CVE-2023-38408.

Hi ShamVMH 

Please use this link to get details about iLO Amplifier Pack and details of how to migrate to newer version.

Thanks and Regards,
Manoj.



I work at HPE
[Any personal opinions expressed are mine, and not official statements on behalf of Hewlett Packard Enterprise]
ShamVMH
Occasional Contributor

Re: iLO Amplifier Pack - flagged vulnerability - CVE-2023-38408.

@GM_M 

Hi Manoj,

Thank you for the link to document.

We are on the latest update - version: 2.23.

Can you advise on the vulnerability, please?

The other option is to disable SSH, but I can't find it in the web interface.

Thank you,

 

Sham

 

Mr_Techie
Trusted Contributor

Re: iLO Amplifier Pack - flagged vulnerability - CVE-2023-38408.

Hi Sham,

Your vulnerability scan flagged iLO Amplifier Pack version 2.23 build 1 for CVE-2023-38408, related to OpenSSH 7.9p1, which has a remote code execution risk via forwarded ssh-agent.

- You are already on the latest version (2.23), but HPE may release a future update addressing this vulnerability.

- If possible, disable SSH.

- If disabling SSH isn’t possible, configure your firewall to block incoming connections on port 22.

- Since this is the latest version, reach out to HPE Support for confirmation on whether a fix is planned.

 

By applying these steps, you can reduce exposure to the vulnerability while waiting for an official patch.

Let me know how it goes. 

ShamVMH
Occasional Contributor

Re: iLO Amplifier Pack - flagged vulnerability - CVE-2023-38408.

Hello,

 

Thank you for getting back to me.

I am happy to disable SSH - can you advise if this is possible on iLO Amplifier appliance as I haven't seen this option in the web interface?

If this is not possible I will try to block it on the firewall.

I will try opening a case with HPE support as well.

Thank you.

Mr_Techie
Trusted Contributor

Re: iLO Amplifier Pack - flagged vulnerability - CVE-2023-38408.

@ShamVMH 

Disabling SSH on the iLO Amplifier Pack is a prudent step to mitigate the CVE-2023-38408 vulnerability. However, as you've noted, the web interface does not provide an option to disable SSH. Additionally, the available user guides do not offer specific instructions for this action.

Since disabling SSH directly on the iLO Amplifier Pack isn't feasible through the web interface, you can configure your network firewall to block incoming connections on port 22, which is used for SSH. This approach effectively prevents SSH access to the appliance.

If not, please go ahead and log a support case, they will help further. 

Rama2
HPE Pro

Re: iLO Amplifier Pack - flagged vulnerability - CVE-2023-38408.

Yes, the CVE-2023-38408 vulnerability issue is addressed in iLO Amplifier 2.23.


