PT-2014-2689 · Dell · Dell Powerconnect 3348+2

Rijnard Van Tonder · Published 2014-01-20 · Updated 2017-08-29 · CVE-2013-3594

CVSS v2.0: 10 (High)

Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions

Dell PowerConnect 3348 version 1.2.1.3
Dell PowerConnect 3524p version 2.0.0.48
Dell PowerConnect 5324 version 2.0.1.4

Description

The issue allows remote attackers to cause a denial of service, potentially leading to device reset, or possibly execute arbitrary code. This is achieved by sending many packets to TCP port 22, which is used by the SSH service.

Recommendations

For Dell PowerConnect 3348 version 1.2.1.3, restrict access to TCP port 22 to minimize the risk of exploitation.
For Dell PowerConnect 3524p version 2.0.0.48, consider disabling the SSH service until a fix is available.
For Dell PowerConnect 5324 version 2.0.1.4, limit the number of incoming packets to TCP port 22 as a temporary mitigation measure.

Fix

RCE

Weakness Enumeration

Related Identifiers

CVE-2013-3594

Affected Products

Dell Powerconnect 3348
Dell Powerconnect 3524P
Dell Powerconnect 5324