New Release – HPE Virtual Connect 4.75

HPE has released Virtual Connect 4.75, which brings enhancements and fixes for environments where Virtual Connect is used. There are seven enhancements and eight fixes, including resolutions for security issues.

This update is not critical but is recommended, so if you can upgrade, do it ASAP.

Enhancements in HPE Virtual Connect 4.75

HPE Virtual Connect 4.75 comes with the following enhancements:

  • Support for Common Access Card (CAC)
  • Support for Commercial National Security Algorithm Suite (CNSA) in a single-enclosure domain.
  • Support for configuring the TLS Cipher(s) in Non-FIPS, FIPS and CNSA mode for VCM GUI web server.
  • Ability to configure the aes256-cbc SSH cipher for VC Ethernet modules
  • Support for Microsoft® Internet Explorer 11.0.65
  • Support for Mozilla™ Firefox® 60.0
  • Support for Mozilla™ Firefox® Extended Support Release (ESR) 60.0

Which problems have been fixed?

VC 4.75 release resolves the following issues:

  • Disabled support for the diffie-hellman-group14-sha1 and diffie-hellman-group-exchange-sha1 key exchange algorithms for SSH communication from VC Ethernet Modules.
  • The ifOutDiscards counter does not display the correct value on HPE VC Flex-10 10Gb Ethernet Module and HPE VC FlexFabric 10Gb/24-Port Module.
  • The ifOutDiscards counter is incorrectly incremented for ingress drops on HPE VC Flex-10/10D Module.
  • In a rare scenario, assigning an unassigned network that was restored from the backup configuration file to a VC profile might result in an outage.
  • When internal stacking links (X7, X8) are used as uplinks and a horizontally adjacent module is reseated, the internal stacking link(s) toggle and cause a temporary network outage on HPE VC FlexFabric 10Gb/24-Port Module.
  • Subject Alternative Name is not considered during Certificate Signing Request (CSR) generation and is not reflected in the generated CSR.
  • The support dump cannot be captured in a multi-enclosure environment from VCM or VCSU when an HPE VC 8Gb 24-port FC Module or HPE VC 16Gb 24-port FC Module is installed.
  • If a server profile has iSCSI connections with duplicate initiator name or IP set, then assigning or unassigning the profile to a server fails.
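
To confirm the first fix in the list above after an upgrade, the key exchange list a module advertises in its SSH_MSG_KEXINIT message can be checked for the two disabled algorithms. The following is an added example, not HPE code or part of the original post; it assumes the KEXINIT payload has already been extracted from the SSH binary packet, the sample payloads are constructed, and the helper names (`parse_kexinit`, `weak_kex_offered`, `build_kexinit`) are hypothetical.

```python
import struct

# Key exchange algorithms the page lists as disabled on VC Ethernet modules in 4.75.
DISABLED_KEX = {"diffie-hellman-group14-sha1", "diffie-hellman-group-exchange-sha1"}
SSH_MSG_KEXINIT = 20
# Name-list order in SSH_MSG_KEXINIT (RFC 4253, section 7.1).
FIELDS = ("kex", "host_key", "enc_c2s", "enc_s2c", "mac_c2s", "mac_s2c",
          "comp_c2s", "comp_s2c", "lang_c2s", "lang_s2c")

def parse_kexinit(payload: bytes) -> dict:
    """Split a KEXINIT payload into its ten name-lists."""
    if len(payload) < 17 or payload[0] != SSH_MSG_KEXINIT:
        raise ValueError("not an SSH_MSG_KEXINIT payload")
    offset, lists = 17, {}  # skip message type (1 byte) and cookie (16 bytes)
    for name in FIELDS:
        if offset + 4 > len(payload):
            raise ValueError("truncated name-list length")
        (length,) = struct.unpack_from(">I", payload, offset)
        offset += 4
        if offset + length > len(payload):
            raise ValueError("truncated name-list")
        raw = payload[offset:offset + length].decode("ascii")
        lists[name] = raw.split(",") if raw else []
        offset += length
    return lists

def weak_kex_offered(payload: bytes) -> list:
    """Return the disabled key exchange algorithms still present in the offer."""
    return sorted(DISABLED_KEX.intersection(parse_kexinit(payload)["kex"]))

def build_kexinit(kex: list, enc: list) -> bytes:
    """Build a constructed sample payload (hypothetical helper for this example)."""
    def name_list(names):
        data = ",".join(names).encode("ascii")
        return struct.pack(">I", len(data)) + data
    body = [kex, ["ssh-rsa"], enc, enc, ["hmac-sha2-256"], ["hmac-sha2-256"],
            ["none"], ["none"], [], []]
    # Trailer: first_kex_packet_follows (boolean) and reserved (uint32).
    return (bytes([SSH_MSG_KEXINIT]) + bytes(16)
            + b"".join(name_list(n) for n in body) + bytes(5))

# Constructed samples, not captured from a real module.
BEFORE = build_kexinit(["diffie-hellman-group-exchange-sha256",
                        "diffie-hellman-group14-sha1",
                        "diffie-hellman-group-exchange-sha1"], ["aes256-cbc"])
AFTER = build_kexinit(["diffie-hellman-group-exchange-sha256"], ["aes256-cbc"])

if __name__ == "__main__":
    for label, sample in (("before", BEFORE), ("after", AFTER)):
        print(label, weak_kex_offered(sample) or "no disabled kex offered")
```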

VC 4.75 addresses the following security vulnerabilities for Ethernet Modules:

  • CVE-2017-16931
  • CVE-2016-8743
  • CVE-2016-6210
  • CVE-2015-8710
  • CVE-2015-3185
  • CVE-2013-0338
  • Mitigating CVE-2007-6750
  • HTTP OPTIONS method is disabled

VC 4.75 addresses the following security vulnerabilities for HPE VC 8Gb 24-port FC Module and HPE VC 16Gb 24-port FC Module:

  • CVE-2016-2183
  • CVE-2016-0800
  • CVE-2016-6515
  • CVE-2015-8325
  • CVE-2015-0291

Further Reading

HPE BladeSystem c-Class Virtual Connect (VC) Firmware, Remote Denial of Service (DoS), Disclosure of Information, Cross-Site Request Forgery (CSRF)

Davoud Teimouri

Davoud Teimouri is a professional blogger, vExpert 2015/2016/2017/2018/2019, VCA, MCITP. This blog started with simple posts and now has a large following of readers.
