Extreme Networks has reviewed and evaluated the potential exposure of proxy service to the internet on L2VPN Gateway deployed in backhaul mode.
When deploying L2 VPN, if the VPN Gateway, either VGVA or XR600P set as L2 VPN Gateway, is directly connected to the Internet, several ports can be vulnerable for use in reflection attacks, such as Distributed Denial of Service (DDoS).
All products that support L2 VPN Gateway in Backhaul mode are potentially affected. This current product set is the XR600P and the VGVA.
In L2 VPN environment, using either VG-VA or XR600P as an L2 VPN gateway, please ensure that it is deployed behind a firewall.
You can read the entire Vulnerability Notice here: https://extremeportal.force.com/ExtrArticleDetail?an=000095097