
CERT Coordination Center

Dell PowerConnect 3348, 3524p, and 5324 switches are vulnerable to denial-of-service attacks

Vulnerability Note VU#122582

Original Release Date: 2014-01-17 | Last Revised: 2014-01-17

Overview

Dell PowerConnect 3348 version 1.2.1.3, PowerConnect 3524p version 2.0.0.48, PowerConnect 5324 version 2.0.1.4, and possibly earlier versions contain a denial-of-service (CWE-20) vulnerability.

Dell OpenManage web application version 2.5 Build No. 1.19 and possibly earlier versions contain a denial-of-service (CWE-20) vulnerability.

Dell GoAhead web server login page also contains a denial-of-service (CWE-20) vulnerability.

Description

CWE-20: Improper Input Validation
Dell PowerConnect 3348 version 1.2.1.3, PowerConnect 3524p version 2.0.0.48, and Dell PowerConnect 5324 version 2.0.1.4 crash when a large amount of data is sent to the SSH port. This can allow an unauthenticated attacker to reset the switch and may lead to exploitation and execution of arbitrary code. CVE-2013-3594

Dell OpenManage web application version 2.5 Build No. 1.19 crashes when an undocumented URL for OSPF functionality is visited. This page is not accessible from the web application links but can be found in the firmware. This can allow an authenticated attacker to crash and reset the switch. CVE-2013-3595

Dell's GoAhead web server login page form crashes when a username longer than 16 characters is submitted directly to the web server via a crafted HTTP POST request. An unauthenticated attacker may be able to make the switch unresponsive until the device is reset. This attack may require multiple requests. CVE-2013-3606

The CVSS score reflects the CVE-2013-3594 vulnerability.
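
As an added example (not part of the original advisory and not Dell or CERT code), the following Python flags the CVE-2013-3606 condition described above in captured requests to the switch's web interface: form POSTs whose username decodes to more than 16 bytes, counted per source address. The field name `username`, the `/login` path and the capture itself are assumptions constructed for illustration.

```python
from collections import Counter
from urllib.parse import parse_qs

MAX_USERNAME_LEN = 16        # limit stated in the advisory
USERNAME_FIELD = "username"  # assumption: the page does not name the form field


def oversized_usernames(raw_request, field=USERNAME_FIELD):
    """Return the values of `field` longer than 16 bytes in a form POST."""
    head, sep, body = raw_request.partition(b"\r\n\r\n")
    if not sep or not head.upper().startswith(b"POST "):
        return []  # no body, or not a POST
    # latin-1 maps one byte to one character, so len() counts bytes after
    # percent-decoding; parse_qs also keeps every repeat of a field.
    form = parse_qs(body.decode("latin-1"), keep_blank_values=True,
                    encoding="latin-1")
    return [v for v in form.get(field, []) if len(v) > MAX_USERNAME_LEN]


def sources_to_review(capture):
    """Count flagged POSTs per source address (the advisory notes that the
    condition may take multiple requests)."""
    hits = Counter()
    for src, raw in capture:
        if oversized_usernames(raw):
            hits[src] += 1
    return dict(hits)


def _post(body):
    # "/login" is a placeholder path, not taken from the advisory
    return (b"POST /login HTTP/1.1\r\nHost: switch.example\r\n"
            b"Content-Type: application/x-www-form-urlencoded\r\n\r\n" + body)


# Constructed capture: (source address, raw request bytes)
SAMPLE_CAPTURE = [
    ("192.0.2.10", _post(b"username=admin&password=x")),
    ("192.0.2.10", _post(b"username=" + b"a" * 16 + b"&password=x")),  # at limit
    ("198.51.100.7", _post(b"username=" + b"A" * 40 + b"&password=x")),
    ("198.51.100.7", _post(b"username=ok&username=" + b"%41" * 17)),   # encoded repeat
    ("203.0.113.5", b"GET /login?username=" + b"B" * 40 + b" HTTP/1.1\r\n\r\n"),
]

if __name__ == "__main__":
    print(sources_to_review(SAMPLE_CAPTURE))
```
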

Impact

An unauthenticated attacker may be able to crash and reset the system, which can lead to exploitation and execution of arbitrary code. CVE-2013-3594

An authenticated attacker may be able to crash the OpenManage web application, causing the system to crash and reset. CVE-2013-3595

An unauthenticated attacker may be able to crash the GoAhead web server login page, causing the system to crash. CVE-2013-3606

Solution

We are currently unaware of a practical solution to this problem. Please consider the following workaround.

Restrict Access

Restrict access to the PowerConnect interface to trusted networks. If possible, configure management and transit networks for separate VLANs, or restrict access to the device using appropriate firewall rules.

Vendor Information


Dell Computer Corporation, Inc. Affected

Notified: June 28, 2013 | Updated: August 19, 2013

Status

Affected

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.


CVSS Metrics

Group          Score  Vector
Base           7.1    AV:N/AC:M/Au:N/C:N/I:N/A:C
Temporal       5.8    E:POC/RL:ND/RC:UC
Environmental  4.3    CDP:N/TD:M/CR:ND/IR:ND/AR:ND

Acknowledgements

Thanks to Rijnard van Tonder for reporting this vulnerability.

This document was written by Adam Rauf.

Other Information

CVE IDs: CVE-2013-3594, CVE-2013-3595, CVE-2013-3606
Date Public: 2014-01-17
Date First Published: 2014-01-17
Date Last Updated: 2014-01-17 16:46 UTC
Document Revision: 37

Sponsored by CISA.