NetSight Poodle Attack TLS cipher suites

Chacko
Contributor
Hi,

Our internal audit team found a few protocol warnings in the communication between our NetSight server and a few NAC-enabled switches (the firewall generated alarms).
I think that these warnings are generated when the identity management sends out information to NetSight via the xmlc-configuration.
The threat ID says that NetSight is using TLS 1.0 with CBC, which is vulnerable to the Poodle attack.

Now the question: Is there a way to influence which cipher suites are accepted for TLS connections, both in EXOS and on the NetSight server?
Are there maybe patches? EXOS is 16.1.3.6-patch6 on most of the devices.

Best Regards
Chacko
2 REPLIES

Drew_C
Valued Contributor III
Hi Chacko,
Here's our Vulnerability Notice on the POODLE attack: https://extremeportal.force.com/ExtrArticleDetail?n=000008192
I'm seeing some conflicting information, but I believe this has been fixed and that there are options in some of the latest EXOS releases that will allow you to edit which ciphers are used. I'll send some emails internally to get more information.

-Drew

Jeremy_Gibbs
Contributor
Great find by your security team! I would love to know the answer to this and/or would like to see this patched!