Issue
A change was made to the TCSESM series switch firmware to fix an SNMPV3 authentication vulnerability.
Product Line
The Connexium products affected by this vulnerability with version 8.04 or lower are:
Resolution
The implementation of SNMPv3 contains a vulnerability that may allow authentication bypass if specifically, crafted packets are used.
To resolve this vulnerability, upgrade the Connexium switch to V8.09 or greater.
A change was made to the TCSESM series switch firmware to fix an SNMPV3 authentication vulnerability.
Product Line
The Connexium products affected by this vulnerability with version 8.04 or lower are:
| TCSESM043F23F0 | TCSESM103F23G0 | TCSESM063F2CU1C |
| TCSESM043F1CU0 | TCSESM103F2LG0 | TCSESM063F2CS1C |
| TCSESM043F2CU0 | TCSESM163F23F0 | |
| TCSESM043F1CS0 | TCSESM163F2CU0 | |
| TCSESM043F2CS0 | TCSESM163F2CS0 | |
| TCSESM083F23F0 | TCSESM243F2CU0 | |
| TCSESM083F1CU0 | TCSESM083F23F1 | |
| TCSESN083F2CU0 | TCSESM063F2CU1 | |
| TCSESM083F1CS0 | TCSESM063F2CS1 | |
| TCSESM083F2CS0 | TCSESM083F23F1C |
Resolution
The implementation of SNMPv3 contains a vulnerability that may allow authentication bypass if specifically, crafted packets are used.
To resolve this vulnerability, upgrade the Connexium switch to V8.09 or greater.
Released for:Schneider Electric Australia
