Vulnerability Notices || VN 2017-003 & VN 2017-004

  • 1
  • Announcement
  • Updated 6 months ago
  • (Edited)
Extreme Networks has been made aware of a number of vulnerabilities present in its ExtremeXOS software. These vulnerabilities have been resolved in currently available releases and are described in two separate Vulnerability Notices, listed below: Customers with a current maintenance and support contract may access the Extreme Portal for software updates at: https://extremeportal.force.com/

If you have additional questions concerning this information, post a response below or contact your Extreme Networks representative.

NOTE: Extreme's Vulnerability Notices are posted in the GTAC Knowledge section of the Extreme Portal.
Photo of Drew C.

Drew C., Community Manager

  • 36,968 Points 20k badge 2x thumb

Posted 6 months ago

  • 1
Photo of Erik Auerswald

Erik Auerswald, Embassador

  • 12,742 Points 10k badge 2x thumb
Hi,

VN 2017-003 is a bit funny, since other vendors allow root access to the switches by default and admin privileges are needed to escalate to root.

I accept that a possibility to restrict root access by configuration can be useful, as planned for addressing the "vulnerabilities."

Thanks,
Erik