XOS 16.1.3.6 patch 1.8 affected by CVE-2014-3566 and CVE-2004-0230?

  • Question
  • Updated 2 years ago
  • Answered

Hi, our customer uses XOS 16.1.3.6 patch 1.8, and during the test he found out that it may be affected by CVE-2014-3566 (POODLE) and the DoS CVE-2004-0230. The Extreme page says about POODLE that XOS versions higher than 15.3 are patched; however, SSLv3 is still available there, am I right? How do I deactivate SSLv3 on this version and use TLS 1.1 or higher?

Can you elaborate more on SSLv3?

What about the other, CVE-2004-0230, does it affect them?

M.Gorczyca

Marek Gorczyca

Posted 2 years ago

Ram, Employee

Please open a new GTAC case for this inquiry. Also, in the case description, can you please clarify which tests were performed, with steps, and attach a copy of the outputs that cause concern to the case notes?

Ram, Employee

Potential Vulnerability - CVE-2014-3566 aka POODLE SSL protocol 3.0 can be tracked using CR# xos0058527.

Fixed in the following EXOS versions:
----------------------------------------
15.3.5.2
15.5.4.2-patch1-5
15.6.2.8
15.7.0.22