Amnesia:33 vulnerabilities for JGS516PE
Hello all,
I am not having much luck in finding any information regarding the Amnesia:33 vulnerabilities showing up on our Qualys scan for the JGS516PE switch.
I understand that the switch is EOL and no longer supported, but is there any information about whether the latest patch from them addresses the vulnerability mentioned?
Re: Amnesia:33 vulnerabilities for JGS516PE
Kindly check the Security Updates here. If ever it does not include the vulnerability you have mentioned, you can report it by clicking the button "Click Here" under Report Vulnerabilities.
Regards,
DaneA
NETGEAR Community Team
Re: Amnesia:33 vulnerabilities for JGS516PE
That link doesn't address my question.
If I were to report this, which is an old CVE by the way, will there be fixes for it if the product is EOL?
It is a well known issue with opensource TCP/IP stack.
Re: Amnesia:33 vulnerabilities for JGS516PE
@Chipperchoi wrote: It is a well known issue with opensource TCP/IP stack.
Not sure there are similar alternate robust and light TCP stacks available to replace these embedded microcontrollers TCP stacks not vulnerable to the Amnesia:33 set.
Even if available, unclear if the industry will update these tiny devices ever.
@YeZ please.
Re: Amnesia:33 vulnerabilities for JGS516PE
The Amnesia-33 security vulnerability issue is fixed in JGS516PE latest firmware v2.6.0.48 https://www.netgear.com/support/product/JGS516PE.aspx#download
Its release note shows:
- Various security vulnerability fixes and enhancements
Thank you.
Re: Amnesia:33 vulnerabilities for JGS516PE
Thank you for the link. However, I am already on that version of firmware on the switch and the Qualys scan is still picking it up.
I know it says it fixed various vulnerabilities but doesn't really say what was fixed. This is a PCI vulnerability that we will get dinged on, in an audit, so I need something more than this.
Re: Amnesia:33 vulnerabilities for JGS516PE
@bbl_1 wrote: The Amnesia-33 security vulnerability issue is fixed in JGS516PE latest firmware v2.6.0.48
Strange at least if true .48 is dated 01-dec-2020 while the https://kb.cert.org/vuls/id/815128 release date was 08-dec-2020
And for the record again: "Various security vulnerability fixes and enhancements" is useless information. At least one reference to each vulnerability/threat fixed - being a Netgear or CERT reference - is expected in business class products.
@Chipperchoi the way vulnerability assessment software works can vary widely ...