HTTPS/SSH Vulnerabilities - Powerconnect 5448

Question

Hello everyone! I recently purchased a Dell PowerConnect 5448 switch, and works great! Huge upgrade I've needed for some time. That being said, I decided to do a vulnerability scan on it, and found some troublesome results for both HTTPS and SSH.  Sidenote: I found this thread: https://www.dell.com/community/Networking-General/Enable-SSLv3-and-TLS-on-PowerConnect-5448/m-p/4477855#M23275 (On that note, are there any other undocumented commands since the documentation in this version: December 2008 Rev. A01?) There are currently 6 vulnerabilities:HIGH - SSL Version 2 and 3 Protocol DetectionMEDIUM - SSH Weak Algorithms Supported (Need to disable arcfour/RC4)MEDIUM - SSL Medium Strength Cipher Suites SupportedMEDIUM - SSL Weak Cipher Suites SupportedMEDIUM - SSL/TLS EXPORT_RSA <= 512-bit Cipher Suites Supported (FREAK)MEDIUM - SSLv3 Padding Oracle On Downgraded Legacy Encryption Vulnerability (POODLE) Any help on this would be appreciated. Thank you!

mattgphoto · Answer

Hello Daniel! Thank you for responding. My apologies for not including this info initially:

	Software Version	2.0.0.46
	Boot Version	2.0.0.0
	Hardware Version	00.00.02

To my knowledge, that is the latest firmware already. The Nessus scan I did was run against that version of the firmware.

mattgphoto · Answer

Ouch, didn't know EOL devices were excluded from security vulnerability fixes. Well, in terms of changing ssl versions, are you talking about the command from the forum post I found previously? If so, I changed it to just v3 and that didn't do anything. So I guess thank you for letting me know I'll need to replace this unit :-) What model is a equivalent, but current model?

Networking General

Was this post helpful?