Jun 25, 2024 - 5:31 p.m.

Security Bulletin: This Power System update is being released to address CVE-2023-48795

2024-06-25 17:31:54
www.ibm.com
cve-2023-48795
openssh
power system
firmware
machine-in-the-middle
update
bmc
asmi
ssh protocol

CVSS3: 5.9
Attack Vector: NETWORK
Attack Complexity: HIGH
Privileges Required: NONE
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: NONE
Integrity Impact: HIGH
Availability Impact: NONE
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N

AI Score: 7
Confidence: High

EPSS: 0.965
Percentile: 99.6%

Summary

This affects the BMC’s secure shell (SSH) interfaces, which provide service access to the BMC’s command shell, access to the host console, and service access to the hypervisor console. The BMC does not have SSH extensions, so a successful attack will not downgrade client connection security.

Vulnerability Details

CVEID: CVE-2023-48795
DESCRIPTION: OpenSSH is vulnerable to a machine-in-the-middle attack, caused by a flaw in the extension negotiation process in the SSH transport protocol when used with certain OpenSSH extensions. A remote attacker could exploit this vulnerability to launch a machine-in-the-middle attack and strip an arbitrary number of messages after the initial key exchange, breaking SSH extension negotiation and downgrading the client connection security.
CVSS Base score: 5.9
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/275282 for the current score.
CVSS Vector: (CVSS:3.0/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:L/A:N)
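
The following is an added example, not part of IBM's bulletin or of the OpenBMC code: a Python check that parses a server's SSH_MSG_KEXINIT payload and reports whether it offers the cipher modes affected by CVE-2023-48795 without the strict key exchange marker that patched OpenSSH advertises. The algorithm names come from the public analysis of this CVE and from OpenSSH rather than from this page, the function names and sample payload builder are constructed for illustration, and it is an assumption that the fixed firmware levels advertise the marker.

```python
import struct

# Algorithm names come from the public CVE-2023-48795 analysis and OpenSSH,
# not from the bulletin; the function names here are illustrative.
SSH_MSG_KEXINIT = 20
STRICT_KEX_SERVER = "kex-strict-s-v00@openssh.com"
CHACHA = "chacha20-poly1305@openssh.com"

def parse_kexinit(payload):
    """Return the ten name-lists of an SSH_MSG_KEXINIT payload (RFC 4253, 7.1)."""
    if len(payload) < 17 or payload[0] != SSH_MSG_KEXINIT:
        raise ValueError("not a KEXINIT payload")
    pos, lists = 17, []              # skip message type (1) + cookie (16)
    for _ in range(10):
        if pos + 4 > len(payload):
            raise ValueError("truncated name-list length")
        (n,) = struct.unpack_from(">I", payload, pos)
        pos += 4
        if pos + n > len(payload):
            raise ValueError("truncated name-list")
        raw = payload[pos:pos + n].decode("ascii")
        lists.append(raw.split(",") if raw else [])
        pos += n
    return lists

def terrapin_exposure(payload):
    """Summarise what a server KEXINIT offers with respect to CVE-2023-48795."""
    lists = parse_kexinit(payload)
    kex, ciphers, macs = lists[0], lists[2] + lists[3], lists[4] + lists[5]
    strict = STRICT_KEX_SERVER in kex
    # Affected modes: ChaCha20-Poly1305, or a CBC cipher with an EtM MAC.
    cbc_etm = (any(c.endswith("-cbc") for c in ciphers)
               and any(m.endswith("-etm@openssh.com") for m in macs))
    risky = CHACHA in ciphers or cbc_etm
    # "Offered" is not "negotiated", and strict kex only takes effect when
    # the client advertises its own marker too; this is the server-side view.
    return {"server_strict_kex": strict, "risky_modes": risky,
            "exposed": risky and not strict}

def build_kexinit(kex, ciphers, macs):
    """Construct a sample server KEXINIT payload (test data, not a capture)."""
    fields = [kex, ["ssh-ed25519"], ciphers, ciphers, macs, macs,
              ["none"], ["none"], [], []]
    body = b"".join(struct.pack(">I", len(s)) + s
                    for s in (",".join(f).encode() for f in fields))
    return bytes([SSH_MSG_KEXINIT]) + bytes(16) + body + b"\x00" + bytes(4)
```
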

Affected Products and Versions

Affected Product(s)    Version(s)
OPENBMC                FW1050.00 - FW1050.10
OPENBMC                FW1030.00 - FW1030.40
OPENBMC                FW1020.00 - FW1020.50

Remediation/Fixes

Customers with the products below should install FW1020.60 (1020_118), FW1030.50 (1030_082), FW1050.11 (1050_070) or newer to remediate this vulnerability.

Power 10

  1. IBM Power System S1022 (9105-22A)
  2. IBM Power System S1024 (9105-42A)
  3. IBM Power System S1022S (9105-22B)
  4. IBM Power System S1014 (9105-41B)
  5. IBM Power System E1050 (9043-MRX)
  6. IBM Power System L1022 (9786-22H)
  7. IBM Power System L1024 (9786-42H)

Workarounds and Mitigations

To mitigate this issue, install and operate the eBMC system on a private network or on a public network that is behind a firewall, or avoid creating SSH connections to the BMC.

To work around this issue, use the BMC’s ASMI web interface to access the host console (which does not use the affected SSH protocol).
