Vulnerability Note VU#122582
Dell PowerConnect 3348, 3524p, and 5324 switches are vulnerable to denial-of-service attacks
Dell PowerConnect 3348 version 22.214.171.124, PowerConnect 3524p version 126.96.36.199, PowerConnect 5324 version 188.8.131.52, and possibly earlier versions contain a denial-of-service (CWE-20) vulnerability.
Dell OpenManage web application version 2.5 Build No. 1.19 and possibly earlier versions contain a denial-of-service (CWE-20) vulnerability.
Dell GoAhead web server login page also contains a denial-of-service (CWE-20) vulnerability.
CWE-20: Improper Input Validation
An unauthenticated attacker may be able to crash and reset the system that can lead to exploitation and execution of arbitrary code. CVE-2013-3594
We are currently unaware of a practical solution to this problem. Please consider the following workaround.
Vendor Information (Learn More)
|Vendor||Status||Date Notified||Date Updated|
|Dell Computer Corporation, Inc.||Affected||28 Jun 2013||19 Aug 2013|
CVSS Metrics (Learn More)
Thanks to Rijnard van Tonder for reporting this vulnerability.
This document was written by Adam Rauf.
- CVE IDs: CVE-2013-3594 CVE-2013-3595 CVE-2013-3606
- Date Public: 17 Jan 2014
- Date First Published: 17 Jan 2014
- Date Last Updated: 17 Jan 2014
- Document Revision: 36
If you have feedback, comments, or additional information about this vulnerability, please send us email.