Dell PowerConnect vulnerability

Whilst trying to automate backups of our network device configuration I stumbled across a major disclosure vulnerability with Dell PowerConnect switches. Under the default configuration the running config if the switch can be downloaded without authenticating. Simply open a web browser and navigate to:

http://switch management IP/filesystem/running-config

I’ve tried writing back to the switches by posting data to /http_file_download.html with no success – Cookies are required for that. Still, with a copy of the encrypted root password it shouldn’t take long to get access with a good set of rainbow tables (See here for such a tool).

This is likely to effect most current Dell PowerConnect switches though I’ve only tested it on M6220 and 6248 switches running the latest firmware ( blades / on 6200).

If you have vulnerable PowerConnect switches in your environment I’d urge you to use ACLs to restrict management to a particular IP range or disable HTTP management altogether from the global configuration context:



console(config)#no ip http server


console#copy running-config startup-config

This operation may take a few minutes.
Management interfaces will not be available during this time.

Are you sure you want to save? (y/n) y

Configuration Saved!

Dell are working on a fix.