Lucene search

IBM5BEE99A7D8AF891DC397E7D66981EA63A7C7B9D49F02F2A08954B958D2A84AC0

HistoryAug 06, 2024 - 5:33 p.m.

Security Bulletin: TSSC/IMC is vulnerable to a Prefix truncation attack on Binary Packet Protocol

2024-08-0617:33:22

www.ibm.com

tssc/imc

prefix truncation attack

binary packet protocol

patch updates

libssh library

cve-2023-48795

CVSS3

5.9

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N

AI Score

6.8

Confidence

Low

EPSS

0.965

Percentile

99.6%

JSON

Summary

TSSC/IMC is vulnerable to a Prefix truncation attack on Binary Packet Protocold. A patch has been provided that updates the libssh library. CVE-2023-48795.

Vulnerability Details

CVEID:CVE-2023-48795
**DESCRIPTION:**OpenSSH is vulnerable to a machine-in-the-middle attack, caused by a flaw in the extension negotiation process in the SSH transport protocol when used with certain OpenSSH extensions. A remote attacker could exploit this vulnerability to launch a machine-in-the-middle attack and strip an arbitrary number of messages after the initial key exchange, breaking SSH extension negotiation and downgrading the client connection security.
CVSS Base score: 10
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/275282 for the current score.
CVSS Vector:

Affected Products and Versions

Affected Product(s)	Version(s)
Total Storage Service Console (TSSC) / TS4500 IMC	9.2.11 - 9.5.8

Remediation/Fixes

Affected Product(s)	Version(s)	Remediation/Fix/Instructions
Total Storage Service Console (TSSC) / TS4500 IMC	9.4.14

Upgrade to 9.4.26/9.5.8

Download patch and execute on TSSC/IMC system

Total Storage Service Console (TSSC) / TS4500 IMC| 9.4.21|

Upgrade to 9.4.26/9.5.8

Download patch and execute on TSSC/IMC system

Total Storage Service Console (TSSC) / TS4500 IMC| 9.4.26| Download patch and execute on TSSC/IMC system
Total Storage Service Console (TSSC) / TS4500 IMC| 9.5.8| Download patch and execute on TSSC/IMC system

Please refer to the Maintenance Information document for information on how to download the patch

Workarounds and Mitigations

None

Affected configurations

Vulners

Node

ibmts7700Match9.4.14

ibmts7700Match9.4.21

ibmts7700Match9.4.26

ibmts7700Match9.5.8

VendorProductVersionCPE
ibmts77009.4.14cpe:2.3:h:ibm:ts7700:9.4.14:*:*:*:*:*:*:*
ibmts77009.4.21cpe:2.3:h:ibm:ts7700:9.4.21:*:*:*:*:*:*:*
ibmts77009.4.26cpe:2.3:h:ibm:ts7700:9.4.26:*:*:*:*:*:*:*
ibmts77009.5.8cpe:2.3:h:ibm:ts7700:9.5.8:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
ibm	ts7700	9.4.14	cpe:2.3:h:ibm:ts7700:9.4.14:::::::*
ibm	ts7700	9.4.21	cpe:2.3:h:ibm:ts7700:9.4.21:::::::*
ibm	ts7700	9.4.26	cpe:2.3:h:ibm:ts7700:9.4.26:::::::*
ibm	ts7700	9.5.8	cpe:2.3:h:ibm:ts7700:9.5.8:::::::*