September 21st, 2018 05:00

HTTPS/SSH Vulnerabilities - PowerConnect 5448

Hello everyone!

I recently purchased a Dell PowerConnect 5448 switch, and it works great! Huge upgrade I've needed for some time. That being said, I decided to do a vulnerability scan on it, and found some troublesome results for both HTTPS and SSH.

Sidenote: I found this thread: https://www.dell.com/community/Networking-General/Enable-SSLv3-and-TLS-on-PowerConnect-5448/m-p/4477855#M23275 (On that note, are there any other undocumented commands since the documentation in this version: December 2008 Rev. A01?)

There are currently 6 vulnerabilities:
HIGH - SSL Version 2 and 3 Protocol Detection
MEDIUM - SSH Weak Algorithms Supported (Need to disable arcfour/RC4)
MEDIUM - SSL Medium Strength Cipher Suites Supported
MEDIUM - SSL Weak Cipher Suites Supported
MEDIUM - SSL/TLS EXPORT_RSA <= 512-bit Cipher Suites Supported (FREAK)
MEDIUM - SSLv3 Padding Oracle On Downgraded Legacy Encryption Vulnerability (POODLE)

Any help on this would be appreciated. Thank you!

September 21st, 2018 07:00

Hello Daniel! Thank you for responding. My apologies for not including this info initially:

  Software Version 2.0.0.46  
  Boot Version 2.0.0.0  
  Hardware Version 00.00.02


To my knowledge, that is the latest firmware already. The Nessus scan I did was run against that version of the firmware.

September 21st, 2018 10:00

Ouch, didn't know EOL devices were excluded from security vulnerability fixes. Well, in terms of changing SSL versions, are you talking about the command from the forum post I found previously? If so, I changed it to just v3 and that didn't do anything. So I guess thank you for letting me know I'll need to replace this unit :-) What model is an equivalent, but current model?
