Nicolas, Evelyn's replies are always thorough and golden. I would add that most reports, like the one you are looking at, list the applicable CVE(s). You could always take those CVEs and look them up at https://www.ibm.com/support/pages/bulletin
Being on the latest code, while recommended, is not the cure-all. You must also follow Evelyn's suggestion to configure and set your security features as recommended.
------------------------------
Robert Berendt IBMChampion
------------------------------
Original Message:
Sent: Thu February 22, 2024 07:06 AM
From: Evelyn Perez
Subject: IBM Storwize V5000 - SSH Vulnerability
Hi Nicolas -
Step 1: Be on the latest versions of code available, as we will clean up security issues as we modernise. (Also, making sure you are on a supported code version/platform is generally good hygiene.)
Step 2: Be aware of our security feature set that allows you to set higher minimum security levels (disable insecure ciphers, get to newer versions of TLS, etc.). https://www.redbooks.ibm.com/redpapers/pdfs/redp5678.pdf
If you are running on an ancient version of code or unsupported hardware, then it is time to upgrade/migrate to address these issues, as the lifecycle of software updates on platforms, while long, is not indefinite.
------------------------------
Evelyn Perez
IBM Senior Technical Staff Member
IBM Storage Virtualize Software Architect for SVC and FlashSystem
Original Message:
Sent: Wed February 21, 2024 05:27 AM
From: Nicolas Bebin
Subject: IBM Storwize V5000 - SSH Vulnerability
Hello all,
You have a Storwize V5000 controller and expansion.
SOS vulnerability scan reports this:
SSH Server CBC Mode Ciphers Enabled
SSH Weak Key Exchange Algorithms Enabled
SSH Terrapin Prefix Truncation Weakness (CVE-2023-48795)
SSH Server CBC Mode Ciphers Enabled
SSH Weak Key Exchange Algorithms Enabled
SSH Server CBC Mode Ciphers Enabled
SSH Weak Key Exchange Algorithms Enabled
TLS Version 1.1 Protocol Deprecated
How can I mitigate all?
Thanks for your reply
------------------------------
Nicolas Bebin
Security Service Delivery France – Manager IT OPS Team
IBM Services Center France
------------------------------
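One way to confirm, after raising the security level, which of the SSH findings in the report still apply to what a server advertises (an added example, not part of the thread and not IBM code). The algorithm lists are constructed, the weak key-exchange list is an assumption rather than the scanner's own, and the TLS 1.1 finding is not covered.

```python
# Added example: map a server's advertised SSH algorithms to the scan findings.
# WEAK_KEX is an assumed list (SHA-1 / 1024-bit exchanges), not the scanner's own.
WEAK_KEX = {
    "diffie-hellman-group1-sha1",
    "diffie-hellman-group-exchange-sha1",
    "rsa1024-sha1",
}
STRICT_KEX = "kex-strict-s-v00@openssh.com"  # marker a patched server advertises
CHACHA = "chacha20-poly1305@openssh.com"


def audit_ssh_algorithms(kex, ciphers, macs):
    """Return {finding title: offending algorithms} for one server's offer."""
    findings = {}
    cbc = sorted(c for c in ciphers if "-cbc" in c)
    if cbc:
        findings["SSH Server CBC Mode Ciphers Enabled"] = cbc
    weak = sorted(k for k in kex if k in WEAK_KEX)
    if weak:
        findings["SSH Weak Key Exchange Algorithms Enabled"] = weak
    # CVE-2023-48795 applies when ChaCha20-Poly1305 or CBC with an
    # encrypt-then-MAC mode is offered and strict key exchange is not.
    exposed = [CHACHA] if CHACHA in ciphers else []
    if any(m.endswith("-etm@openssh.com") for m in macs):
        exposed += cbc
    if exposed and STRICT_KEX not in kex:
        title = "SSH Terrapin Prefix Truncation Weakness (CVE-2023-48795)"
        findings[title] = sorted(exposed)
    return findings


# Constructed sample offers (not captured from a real Storwize system).
BEFORE = {
    "kex": ["curve25519-sha256", "diffie-hellman-group-exchange-sha1",
            "diffie-hellman-group1-sha1"],
    "ciphers": ["aes128-ctr", "aes256-cbc", "3des-cbc"],
    "macs": ["hmac-sha2-256-etm@openssh.com", "hmac-sha1"],
}
AFTER = {
    "kex": ["curve25519-sha256", "diffie-hellman-group16-sha512", STRICT_KEX],
    "ciphers": ["aes256-gcm@openssh.com", "aes256-ctr"],
    "macs": ["hmac-sha2-256-etm@openssh.com"],
}

if __name__ == "__main__":
    for label, offer in (("before", BEFORE), ("after", AFTER)):
        print(label, audit_ssh_algorithms(**offer))
```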