Executive Summary

Summary
Title Dell PowerConnect 3348, 3524p, and 5324 switches are vulnerable to denial-of-service attacks
Informations
Name VU#122582 First vendor Publication 2014-01-17
Vendor VU-CERT Last vendor Modification 2014-01-17
Severity (Vendor) N/A Revision M

Security-Database Scoring CVSS v3

Cvss vector : N/A
Overall CVSS Score NA
Base Score NA Environmental Score NA
impact SubScore NA Temporal Score NA
Exploitabality Sub Score NA
 
Calculate full CVSS 3.0 Vectors scores

Security-Database Scoring CVSS v2

Cvss vector : (AV:N/AC:L/Au:N/C:C/I:C/A:C)
Cvss Base Score 10 Attack Range Network
Cvss Impact Score 10 Attack Complexity Low
Cvss Expoit Score 10 Authentication None Required
Calculate full CVSS 2.0 Vectors scores

Detail

Vulnerability Note VU#122582

Dell PowerConnect 3348, 3524p, and 5324 switches are vulnerable to denial-of-service attacks

Original Release date: 17 Jan 2014 | Last revised: 17 Jan 2014

Overview

Dell PowerConnect 3348 version 1.2.1.3, PowerConnect 3524p version 2.0.0.48, PowerConnect 5324 version 2.0.1.4, and possibly earlier versions contain a denial-of-service (CWE-20) vulnerability.

Dell OpenManage web application version 2.5 Build No. 1.19 and possibly earlier versions contain a denial-of-service (CWE-20) vulnerability.

Dell GoAhead web server login page also contains a denial-of-service (CWE-20) vulnerability.

Description

CWE-20: Improper Input Validation
Dell PowerConnect 3348 version 1.2.1.3, PowerConnect 3524p version 2.0.0.48, and Dell PowerConnect 5324 version 2.0.1.4 crash when a large amount of data is sent to the SSH port. This can allow an unauthenticated attacker to reset the switch and may lead to exploitation and execution of arbitrary code. CVE-2013-3594

Dell OpenManage web application version 2.5 Build No. 1.19 crashes when an undocumented URL for OSPF functionality is visited. This page is not accessible from the web application links but can be found in the firmware. This can allow an authenticated attacker to crash and reset the switch. CVE-2013-3595

Dell's GoAhead web server login page form crashes when a username length greater than 16 characters is submitted directly to the web-server via a crafted HTTP POST request. An unauthenticated attacker may be able to make the switch unresponsive until the device is reset. This attack may require multiple requests. CVE-2013-3606

The CVSS score reflects the CVE-2013-3594 vulnerability.

Impact

An unauthenticated attacker may be able to crash and reset the system that can lead to exploitation and execution of arbitrary code. CVE-2013-3594

An authenticated attacker may be able to crash the OpenManage web application to crash and reset the system. CVE-2013-3595

An unauthenticated attacker may be able to crash the GoAhead web server login page to crash the system. CVE-2013-3606

Solution

We are currently unaware of a practical solution to this problem. Please consider the following workaround.

Restrict Access

Restrict access to the PowerConnect interface to trusted networks. If possible, configure management and transit networks for separate VLANs, or restrict access to the device using appropriate firewall rules.

Vendor Information (Learn More)

VendorStatusDate NotifiedDate Updated
Dell Computer Corporation, Inc.Affected28 Jun 201319 Aug 2013
If you are a vendor and your product is affected, let us know.

CVSS Metrics (Learn More)

GroupScoreVector
Base7.1AV:N/AC:M/Au:N/C:N/I:N/A:C
Temporal5.8E:POC/RL:ND/RC:UC
Environmental4.3CDP:N/TD:M/CR:ND/IR:ND/AR:ND

References

  • http://cwe.mitre.org/data/definitions/20.html
  • http://www.dell.com/support/drivers/us/en/04/Product/powerconnect-3348
  • http://www.dell.com/support/drivers/us/en/04/Product/powerconnect-3524p
  • http://www.dell.com/support/drivers/us/en/04/Product/powerconnect-5324

Credit

Thanks to Rijnard van Tonder for reporting this vulnerability.

This document was written by Adam Rauf.

Other Information

  • CVE IDs:CVE-2013-3594CVE-2013-3595CVE-2013-3606
  • Date Public:17 Jan 2014
  • Date First Published:17 Jan 2014
  • Date Last Updated:17 Jan 2014
  • Document Revision:36

Feedback

If you have feedback, comments, or additional information about this vulnerability, please send us email.

Original Source

Url : http://www.kb.cert.org/vuls/id/122582

CWE : Common Weakness Enumeration

% Id Name
100 % CWE-20 Improper Input Validation

CPE : Common Platform Enumeration

TypeDescriptionCount
Hardware 1
Hardware 1
Hardware 1

Alert History

If you want to see full details history, please login or register.
0
1
2
Date Informations
2014-01-22 00:22:29
  • Multiple Updates
2014-01-20 13:22:21
  • Multiple Updates
2014-01-17 21:19:25
  • First insertion