topic Re: HTTP vulnerabilities on wireless controller C5210 in ExtremeWireless (Identifi)

HTTP vulnerabilities on wireless controller C5210

aguerrero — Wed, 22 Apr 2020 10:19:49 GMT

I have this security issue on a C5210 controller

“HTTP Security Header Not Detected Port 443”

Some ideas for remediation?

Best Regards

Re: HTTP vulnerabilities on wireless controller C5210

Brian_Anderson1 — Thu, 23 Apr 2020 00:59:24 GMT

What the issue? The port for wireless controller is 5825, not 443.

Re: HTTP vulnerabilities on wireless controller C5210

Ronald_Dvorak — Thu, 23 Apr 2020 01:22:08 GMT

As far as I unterstand Google Search the security scan of this magic box is reporting something that has no CVE ID - as per other articles in the search that would mean this isn’t a vulnerability.

-Ron

Re: HTTP vulnerabilities on wireless controller C5210

aguerrero — Thu, 23 Apr 2020 07:19:16 GMT

Customer is using this software Qualys, Inc.: Information Security and Compliance for detecting vulnerabilities and we should apply this remediation

“Configure the web server to make use of the different security headers”

Any idea?

Best Regards

Re: HTTP vulnerabilities on wireless controller C5210

Ronald_Dvorak — Thu, 23 Apr 2020 13:48:12 GMT

Here the article that I’ve mentioned…..https://discussions.qualys.com/thread/18706-hot-to-fix-http-security-header-not-detected-vulnerability-on-hp-ilo-hp3par-devices

You’d open a ticket with the GTAC > https://gtacknowledge.extremenetworks.com/articles/How_To/How-to-contact-Extreme-Networks-Global-Technical-Assistance-Center-GTAC

-Ron

Re: HTTP vulnerabilities on wireless controller C5210

aguerrero — Thu, 23 Apr 2020 13:51:13 GMT

Thanks a lot Ron !

Regards