ExtremeSwitching (EXOS)

  • 1.  Vulnerability Notices || VN 2017-003 & VN 2017-004

    Posted 11-15-2017 19:59
    Extreme Networks has been made aware of a number of vulnerabilities present in its ExtremeXOS software. These vulnerabilities have been resolved in currently available releases and are described in two separate Vulnerability Notices, listed below:Customers with a current maintenance and support contract may access the Extreme Portal for software updates at: https://extremeportal.force.com/

    If you have additional questions concerning this information, post a response below or contact your Extreme Networks representative.

    NOTE: Extreme's Vulnerability Notices are posted in the GTAC Knowledge section of the Extreme Portal.



  • 2.  RE: Vulnerability Notices || VN 2017-003 & VN 2017-004

    Posted 11-17-2017 08:47
    Hi,

    VN 2017-003 is a bit funny, since other vendors allow root access to the switches by default and admin privileges are needed to escalate to root.

    I accept that a possibility to restrict root access by configuration can be useful, as planned for addressing the "vulnerabilities."

    Thanks,
    Erik