DaveHope.co.uk

PowerConnect vulnerability fixed

Dell have recently released a firmware update for the PowerConnect line of switches to resolve the security vulnerability I discovered.

Firmware version 4.1.0.19 lists the following fix:

Access is allowed to files on the switch without log in permissions required.
If the file name is known, the file can be downloaded through the web browser without having to be logged in.
Corrected the web process to require login credentials before downloading a file.

Looking at the release notes, Dell have certainly had a few problems with these Broadcom switches. Fingers crossed their new Juniper product line has less issues!

You can find the firmware update on the Dell website.

Comments are closed.