This website uses cookies. By clicking Accept, you consent to the use of cookies. Click Here to learn more about how we use cookies.
Accept
Reject
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Vulnerability Notices || VN 2017-003 & VN 2017-004

Vulnerability Notices || VN 2017-003 & VN 2017-004

Drew_C
Valued Contributor III

‎11-15-2017 07:59 PM

Extreme Networks has been made aware of a number of vulnerabilities present in its ExtremeXOS software. These vulnerabilities have been resolved in currently available releases and are described in two separate Vulnerability Notices, listed below:Customers with a current maintenance and support contract may access the Extreme Portal for software updates at: https://extremeportal.force.com/

If you have additional questions concerning this information, post a response below or contact your Extreme Networks representative.

NOTE: Extreme's Vulnerability Notices are posted in the GTAC Knowledge section of the Extreme Portal.

0 Kudos
1 REPLY 1

Erik_Auerswald
Contributor II

‎11-17-2017 08:47 AM

Hi,

VN 2017-003 is a bit funny, since other vendors allow root access to the switches by default and admin privileges are needed to escalate to root.

I accept that a possibility to restrict root access by configuration can be useful, as planned for addressing the "vulnerabilities."

Thanks,
Erik
0 Kudos
GTM-P2G8KFN