Operational Defect Database
BugZero found this defect 47 days ago.
Data sources
All data on this page is proprietary to BugZero® or gathered from public sources
Hewlett Packard Enterprise | a00137703en_us
Advisory: (Revision) HPE SimpliVity - Workaround for Security Vulnerability CVE-2023-48795 (Terrapin Attack)
Last update date:
4/3/2024
Affected products:
SimpliVity Omnistack for HPE
Affected releases:
No affected releases provided.
Fixed releases:
No fixed releases provided.
Description:
Info
Document Version Release Date Details 3 April 3, 2024 Updated Resolution with permanent fix. 2 March 5, 2024 Updated Resolution. 1 February 8, 2024 Original Document Release. HPE SimpliVity is impacted by the recent security vulnerability, CVE-2023-48795; this vulnerability is also known as the Terrapin Attack. Read more details about the vulnerability here . The next release of SimpliVity OmniStack will contain an updated version of OpenSSH which will mitigate this issue. Find below details on a workaround that can be applied to active versions of OmniStack.
Scope
SimpliVity Engineering has qualified a workaround to CVE-2023-48795 for the active versions of OmniStack: 4.2.0 4.1.3 4.1.2
Resolution
This issue has been solved with HPE SimpliVity OmniStack 5.0.0 . For previous versions, contact HPE Support for assistance implementing the workaround, reference Document ID a00138174en_us. RECEIVE PROACTIVE UPDATES : Receive support alerts (such as Customer Advisories), as well as updates on drivers, software, firmware, and customer replaceable components, proactively in your e-mail through HPE Support Alerts. Sign up for Support Alerts at the following URL: HPE Email Preference Center. NAVIGATION TIP: For hints on navigating HPE.com to locate the latest drivers, patches and other support software downloads, refer to the Navigation Tips document. SEARCH TIP: For hints on locating similar documents on HPE.com, refer to the Search Tips document.
