cancel
Showing results for 
Search instead for 
Did you mean: 

XOS 16.1.3.6 patch 1.8 affected by CVE-2014-3566 and CVE-2004-0230?

XOS 16.1.3.6 patch 1.8 affected by CVE-2014-3566 and CVE-2004-0230?

Marek_Gorczyca
New Contributor
HI, Our customer uses XOS 16.1.3.6 patch 1.8 and during the test he found out that it may be affected by CVE-2014-3566 ( poodle ) and DOS CVE-2004-0230. Extreme page says about poodle that XOS version higher than 15.3 is patched , however SSL v3 is stil availble there , am i right ? How to deactiavte SSLv3 on this version and use TLS 1.1 or higher ?

Can you elabore more on SSLv3 ?

What about the other CVE-2004 -0230, does it affect them ?

M.Gorczyca

2 REPLIES 2

Ram3
Extreme Employee
Potential Vulnerability - CVE-2014-3566 aka POODLE SSL protocol 3.0 can be tracked using CR# xos0058527.

Fixed in following EXOS version:
----------------------------------------
15.3.5.2
15.5.4.2-patch1-5
15.6.2.8
15.7.0.22

Ram3
Extreme Employee
Please open a new GTAC case for this inquiry. Also, in case description can you please clarify what are the test performed with steps and attach the copy of the outputs in the case notes which causes concern.
GTM-P2G8KFN