
CVE-2023-35803 mitigation ?

fran1942
New Contributor II

Hello, until we get the firmware upgraded, what sort of AP firewall policy is required to mitigate this vulnerability? I.e., inbound/outbound? Blocking port 5916?

CVE-2023-35803

Thank you kindly

1 ACCEPTED SOLUTION

LaurentA
New Contributor II

Hi,

According to the researcher's blog and exploit code, the attacker needs to connect to the AP over port TCP/5916.
A quick workaround should be to block this port for everyone (using the Firewall in User-Profiles for Wi-Fi users, and using classic LAN segmentation for the wired users).
Regards,
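
One way to confirm that the TCP/5916 block described in the answer above is in effect, as an added example that is not part of the original post: run it once from a wireless client network and once from a wired segment. The function names are hypothetical and the AP addresses are constructed placeholders.

```python
import socket

BLOCKED_PORT = 5916  # TCP port named in the answer above


def probe(host, port=BLOCKED_PORT, timeout=2.0):
    """Classify one TCP connect attempt made from this vantage point.

    'open'     -> handshake completed: the block is NOT effective from here
    'closed'   -> connection refused (RST): reject rule or nothing listening
    'filtered' -> timeout or unreachable: consistent with a drop rule
    """
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return "open"
    except ConnectionRefusedError:
        return "closed"
    except OSError:  # includes timeouts and unreachable errors
        return "filtered"


def audit(hosts, port=BLOCKED_PORT, timeout=2.0):
    """Return ({host: state}, sorted list of hosts where the port is still reachable)."""
    results = {h: probe(h, port, timeout) for h in hosts}
    exposed = sorted(h for h, state in results.items() if state == "open")
    return results, exposed


if __name__ == "__main__":
    # Constructed sample addresses (TEST-NET-1); replace with your AP management IPs.
    aps = ["192.0.2.10", "192.0.2.11"]
    results, exposed = audit(aps)
    for host, state in results.items():
        print(f"{host}:{BLOCKED_PORT} {state}")
    # Non-zero exit if any AP still accepts connections, so this can gate a change ticket.
    raise SystemExit(1 if exposed else 0)
```

A result of "open" from any segment means the policy or segmentation for that segment still lets clients reach the port.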


6 REPLIES

LaurentA
New Contributor II

Hi, the "Outbound" policy controls traffic sent by the wireless users (whatever the destination is).
Regards,

w1f1n00b
Contributor II

For anyone who missed it, here is the CVE announcement: https://community.extremenetworks.com/t5/security-advisories-formerly/sa-2023-067-iq-engine-acsd-ser...

I too would like to know a few more details about this CVE.

The other CVE posted Monday specifies what access is needed to conduct the exploit. I'm not seeing that information for this one, which seems like very relevant information given that there are so many AP models that won't be seeing a patch for this for at least 3 months or more!
