Extreme Networks Response to US-CERT Vulnerability Advisory VU#720951

  • Updated 5 years ago
Article ID: 16131 

Black Diamond Series X8, 8900, and 8800 running EXOS version 15.4.1
Summit Series X770, X670, X480, X460, X440, X430, E4G-200, and E4G-400 running EXOS version 15.4.1
64-bit (Ubuntu) hardware-based and virtual NetSight appliances running version 4.4, 5.0, 5.1, or 6.0
64-bit (Ubuntu) hardware-based and virtual NAC & IA appliances running version 5.0, 5.1, or 6.0
64-bit (Ubuntu) hardware-based and virtual Purview appliances running version 6.0

On April 7, 2014, US-CERT issued advisory 720951.
(This issue is also tracked as CVE-2014-0160, and discussed in 16130.)

The advisory overview...
OpenSSL 1.0.1 contains a vulnerability that could disclose sensitive private information to an attacker. This vulnerability is commonly referred to as "heartbleed."

The advisory impact...
By attacking a service that uses a vulnerable version of OpenSSL, a remote, unauthenticated attacker may be able to retrieve sensitive information, such as secret keys. By leveraging this information, an attacker may be able to decrypt, spoof, or perform man-in-the-middle attacks on network traffic that would otherwise be protected by OpenSSL.

The advisory lists a number of affected vendors, including Extreme Networks and Enterasys Networks.

If the Extreme Networks or Enterasys Networks vendor information hyperlinked within the advisory still reads "No statement is currently available from the vendor regarding this vulnerability.", please refer to this statement (.pdf, 200 KB) submitted to US-CERT on April 11, 2014.

EXOS 15.4.1-patch1-10 is available for download via eSupport's "Download Software Updates" link.
The NetSight patch is available for download from the NMS Product page, or here (1.5 MB).
A set of Dragon signatures was released on April 9 to assist in detecting attempted exploits.

Also see this Hub community discussion.

FAQ User, Official Rep

Posted 5 years ago
