https://community.extremenetworks.com/t5/extremeswitching-exos-switch/vulnerability-notices-vn-2017-003-vn-2017-004/m-p/24696#M2825 Extreme Networks has been made aware of a number of vulnerabilities present in its ExtremeXOS software. These vulnerabilities have been resolved in currently available releases and are described in two separate Vulnerability Notices, listed below:<UL> <LI><A href="https://extremeportal.force.com/ExtrArticleDetail?n=000017719" target="_blank" rel="nofollow noreferrer noopener">VN 2017-003, Local Access Control (Multiple CVEs)</A> </LI><LI><A href="https://extremeportal.force.com/ExtrArticleDetail?n=000017765" target="_blank" rel="nofollow noreferrer noopener">VN 2017-004 (CVE-2017-14328, CVE-2017-14332)</A></LI></UL>Customers with a current maintenance and support contract may access the Extreme Portal for software updates at: <A href="https://extremeportal.force.com/" target="_blank" rel="nofollow noreferrer noopener">https://extremeportal.force.com/</A><BR /> <BR /> If you have additional questions concerning this information, post a response below or contact your Extreme Networks representative.<BR /> <BR /> NOTE: <A href="https://extremeportal.force.com/ExtrSearch?q=#t=Knowledge&amp;#38;sort=relevancy&amp;#38;f:@objecttypename=%5BVulnerability%20Notice%5D" target="_blank" rel="nofollow noreferrer noopener">Extreme's Vulnerability Notices</A> are posted in the <A href="https://extremeportal.force.com/ExtrSearch?q=" target="_blank" rel="nofollow noreferrer noopener">GTAC Knowledge</A> section of the <A href="https://extremeportal.force.com/" target="_blank" rel="nofollow noreferrer noopener">Extreme Portal</A>.<BR /> <BR /> Thu, 16 Nov 2017 03:59:00 GMT Drew_C 2017-11-16T03:59:00Z https://community.extremenetworks.com/t5/extremeswitching-exos-switch/vulnerability-notices-vn-2017-003-vn-2017-004/m-p/24696#M2825 Extreme Networks has been made aware of a number of vulnerabilities present in its ExtremeXOS software. These vulnerabilities have been resolved in currently available releases and are described in two separate Vulnerability Notices, listed below:<UL> <LI><A href="https://extremeportal.force.com/ExtrArticleDetail?n=000017719" target="_blank" rel="nofollow noreferrer noopener">VN 2017-003, Local Access Control (Multiple CVEs)</A> </LI><LI><A href="https://extremeportal.force.com/ExtrArticleDetail?n=000017765" target="_blank" rel="nofollow noreferrer noopener">VN 2017-004 (CVE-2017-14328, CVE-2017-14332)</A></LI></UL>Customers with a current maintenance and support contract may access the Extreme Portal for software updates at: <A href="https://extremeportal.force.com/" target="_blank" rel="nofollow noreferrer noopener">https://extremeportal.force.com/</A><BR /> <BR /> If you have additional questions concerning this information, post a response below or contact your Extreme Networks representative.<BR /> <BR /> NOTE: <A href="https://extremeportal.force.com/ExtrSearch?q=#t=Knowledge&amp;#38;sort=relevancy&amp;#38;f:@objecttypename=%5BVulnerability%20Notice%5D" target="_blank" rel="nofollow noreferrer noopener">Extreme's Vulnerability Notices</A> are posted in the <A href="https://extremeportal.force.com/ExtrSearch?q=" target="_blank" rel="nofollow noreferrer noopener">GTAC Knowledge</A> section of the <A href="https://extremeportal.force.com/" target="_blank" rel="nofollow noreferrer noopener">Extreme Portal</A>.<BR /> <BR /> Thu, 16 Nov 2017 03:59:00 GMT https://community.extremenetworks.com/t5/extremeswitching-exos-switch/vulnerability-notices-vn-2017-003-vn-2017-004/m-p/24696#M2825 Drew_C 2017-11-16T03:59:00Z https://community.extremenetworks.com/t5/extremeswitching-exos-switch/vulnerability-notices-vn-2017-003-vn-2017-004/m-p/24697#M2826 Hi,<BR /> <BR /> VN 2017-003 is a bit funny, since other vendors allow root access to the switches by default and admin privileges are needed to escalate to root.<BR /> <BR /> I accept that a possibility to restrict root access by configuration can be useful, as planned for addressing the "vulnerabilities."<BR /> <BR /> Thanks,<BR /> Erik Fri, 17 Nov 2017 16:47:00 GMT https://community.extremenetworks.com/t5/extremeswitching-exos-switch/vulnerability-notices-vn-2017-003-vn-2017-004/m-p/24697#M2826 Erik_Auerswald 2017-11-17T16:47:00Z