Vulnerability Note VU#122582

Dell PowerConnect 3348, 3524p, and 5324 switches are vulnerable to denial-of-service attacks

Original Release date: 17 Jan 2014 | Last revised: 17 Jan 2014

Overview

Dell PowerConnect 3348 version 1.2.1.3, PowerConnect 3524p version 2.0.0.48, PowerConnect 5324 version 2.0.1.4, and possibly earlier versions contain a denial-of-service (CWE-20) vulnerability.

Dell OpenManage web application version 2.5 Build No. 1.19 and possibly earlier versions contain a denial-of-service (CWE-20) vulnerability.

Dell GoAhead web server login page also contains a denial-of-service (CWE-20) vulnerability.

Description

CWE-20: Improper Input Validation
Dell PowerConnect 3348 version 1.2.1.3, PowerConnect 3524p version 2.0.0.48, and Dell PowerConnect 5324 version 2.0.1.4 crash when a large amount of data is sent to the SSH port. This can allow an unauthenticated attacker to reset the switch and may lead to exploitation and execution of arbitrary code. CVE-2013-3594

Dell OpenManage web application version 2.5 Build No. 1.19 crashes when an undocumented URL for OSPF functionality is visited. This page is not accessible from the web application links but can be found in the firmware. This can allow an authenticated attacker to crash and reset the switch. CVE-2013-3595

Dell's GoAhead web server login page form crashes when a username length greater than 16 characters is submitted directly to the web-server via a crafted HTTP POST request. An unauthenticated attacker may be able to make the switch unresponsive until the device is reset. This attack may require multiple requests. CVE-2013-3606

The CVSS score reflects the CVE-2013-3594 vulnerability.

Impact

An unauthenticated attacker may be able to crash and reset the system that can lead to exploitation and execution of arbitrary code. CVE-2013-3594

An authenticated attacker may be able to crash the OpenManage web application to crash and reset the system. CVE-2013-3595

An unauthenticated attacker may be able to crash the GoAhead web server login page to crash the system. CVE-2013-3606

Solution

We are currently unaware of a practical solution to this problem. Please consider the following workaround.

Restrict Access

Restrict access to the PowerConnect interface to trusted networks. If possible, configure management and transit networks for separate VLANs, or restrict access to the device using appropriate firewall rules.

Vendor Information (Learn More)

VendorStatusDate NotifiedDate Updated
Dell Computer Corporation, Inc.Affected28 Jun 201319 Aug 2013
If you are a vendor and your product is affected, let us know.

CVSS Metrics (Learn More)

Group Score Vector
Base 7.1 AV:N/AC:M/Au:N/C:N/I:N/A:C
Temporal 5.8 E:POC/RL:ND/RC:UC
Environmental 4.3 CDP:N/TD:M/CR:ND/IR:ND/AR:ND

References

Credit

Thanks to Rijnard van Tonder for reporting this vulnerability.

This document was written by Adam Rauf.

Other Information

Feedback

If you have feedback, comments, or additional information about this vulnerability, please send us email.