This website uses cookies. By clicking Accept, you consent to the use of cookies. Click Here to learn more about how we use cookies.
Accept
Reject
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

XOS 16.1.3.6 patch 1.8 affected by CVE-2014-3566 and CVE-2004-0230?

XOS 16.1.3.6 patch 1.8 affected by CVE-2014-3566 and CVE-2004-0230?

Marek_Gorczyca
New Contributor

‎03-13-2017 08:00 AM

HI, Our customer uses XOS 16.1.3.6 patch 1.8 and during the test he found out that it may be affected by CVE-2014-3566 ( poodle ) and DOS CVE-2004-0230. Extreme page says about poodle that XOS version higher than 15.3 is patched , however SSL v3 is stil availble there , am i right ? How to deactiavte SSLv3 on this version and use TLS 1.1 or higher ?

Can you elabore more on SSLv3 ?

What about the other CVE-2004 -0230, does it affect them ?

M.Gorczyca

0 Kudos
2 REPLIES 2

Ram3
Extreme Employee

‎03-14-2017 05:41 AM

Potential Vulnerability - CVE-2014-3566 aka POODLE SSL protocol 3.0 can be tracked using CR# xos0058527.

Fixed in following EXOS version:
----------------------------------------
15.3.5.2
15.5.4.2-patch1-5
15.6.2.8
15.7.0.22

0 Kudos

Ram3
Extreme Employee

‎03-13-2017 04:25 PM

Please open a new GTAC case for this inquiry. Also, in case description can you please clarify what are the test performed with steps and attach the copy of the outputs in the case notes which causes concern.
0 Kudos
GTM-P2G8KFN