https://community.extremenetworks.com/t5/extremewireless-iqe/cve-2023-35803-mitigation/m-p/96573#M1356 <P>Hi, "Outbound" policy controls traffic sent by the Wireless Users (whatever is the destination).<BR />Regards,</P> Tue, 25 Jul 2023 13:50:39 GMT LaurentA 2023-07-25T13:50:39Z https://community.extremenetworks.com/t5/extremewireless-iqe/cve-2023-35803-mitigation/m-p/96488#M1350 <P>Hello, until we get the firmware upgraded, what sort of AP firewall policy is required to mitigate this vulnerability ? i.e inbound/outbound ? blocking port 5916 ?</P><H2>CVE-2023-35803</H2><P>Thank you kindly</P> Wed, 19 Jul 2023 07:43:50 GMT https://community.extremenetworks.com/t5/extremewireless-iqe/cve-2023-35803-mitigation/m-p/96488#M1350 fran1942 2023-07-19T07:43:50Z https://community.extremenetworks.com/t5/extremewireless-iqe/cve-2023-35803-mitigation/m-p/96492#M1351 <P>For anyone who missed it here is the CVE announcement - <A href="https://community.extremenetworks.com/t5/security-advisories-formerly/sa-2023-067-iq-engine-acsd-service-buffer-overflow-cve-2023/ba-p/96472" target="_blank">https://community.extremenetworks.com/t5/security-advisories-formerly/sa-2023-067-iq-engine-acsd-service-buffer-overflow-cve-2023/ba-p/96472</A></P><P>I too would like to know a few more details about this CVE.</P><P>The other <A href="https://community.extremenetworks.com/t5/security-advisories-formerly/sa-2023-066-iq-engine-capwap-buffer-overflow-cve-2023-35802/ba-p/96471" target="_self">CVE</A> posted Monday specifies what access is needed to conduct the exploit. I'm not seeing that information for this one which seems like very relevant information given that there are so many AP models that won't be seeing a patch for this for at least 3 months or more!</P> Wed, 19 Jul 2023 13:01:34 GMT https://community.extremenetworks.com/t5/extremewireless-iqe/cve-2023-35803-mitigation/m-p/96492#M1351 w1f1n00b 2023-07-19T13:01:34Z https://community.extremenetworks.com/t5/extremewireless-iqe/cve-2023-35803-mitigation/m-p/96505#M1352 <P>Hi,</P><P>According to the researcher Blog and Exploit code, the attacker needs to connect to the AP over the port TCP/5916.<BR />A quick workaround should be to block this port to anyone (using Firewall in User-Profiles for Wi-Fi users, and using classic LAN segmentation for the wired users).<BR />Regards,</P> Thu, 20 Jul 2023 12:08:25 GMT https://community.extremenetworks.com/t5/extremewireless-iqe/cve-2023-35803-mitigation/m-p/96505#M1352 LaurentA 2023-07-20T12:08:25Z https://community.extremenetworks.com/t5/extremewireless-iqe/cve-2023-35803-mitigation/m-p/96546#M1353 <P>thank you. Would that be an inbound or outbound policy to block TCP 5916 ?</P> Sun, 23 Jul 2023 22:11:27 GMT https://community.extremenetworks.com/t5/extremewireless-iqe/cve-2023-35803-mitigation/m-p/96546#M1353 fran1942 2023-07-23T22:11:27Z https://community.extremenetworks.com/t5/extremewireless-iqe/cve-2023-35803-mitigation/m-p/96553#M1354 <P>Hi,<BR />In all your Wireless User-Profiles&nbsp; in Firewall "Outbound Policy" you should block connection to TCP/5916 port by creating a "Deny" rule on top.<BR />This will prevent attack from Wireless Users (for the Wired one, rely on your corporate firewall, as long as the AP are in an isolated network).<BR />To ensure the port is not reachable anymore, you can use Microsoft Powershell "Test-NetConnection" commandlet.<BR />Example, if your Access Point IP address is 10.0.0.10, you can use the following powershell command :<BR />tnc 10.0.0.10 -port 5916<BR /><SPAN>The "TcpTestSucceeded" result should be "false".</SPAN></P><P><SPAN>Regards,</SPAN></P> Mon, 24 Jul 2023 14:02:28 GMT https://community.extremenetworks.com/t5/extremewireless-iqe/cve-2023-35803-mitigation/m-p/96553#M1354 LaurentA 2023-07-24T14:02:28Z https://community.extremenetworks.com/t5/extremewireless-iqe/cve-2023-35803-mitigation/m-p/96556#M1355 <P>thank you. So an 'outbound' policy controls traffic coming into the AP from wireless users ?</P><P>&nbsp;</P> Mon, 24 Jul 2023 20:25:51 GMT https://community.extremenetworks.com/t5/extremewireless-iqe/cve-2023-35803-mitigation/m-p/96556#M1355 fran1942 2023-07-24T20:25:51Z https://community.extremenetworks.com/t5/extremewireless-iqe/cve-2023-35803-mitigation/m-p/96573#M1356 <P>Hi, "Outbound" policy controls traffic sent by the Wireless Users (whatever is the destination).<BR />Regards,</P> Tue, 25 Jul 2023 13:50:39 GMT https://community.extremenetworks.com/t5/extremewireless-iqe/cve-2023-35803-mitigation/m-p/96573#M1356 LaurentA 2023-07-25T13:50:39Z