Looking to get an idea of when the s3300-28x will have a new firmware version. I have a vulnerability with mine that requires a firmware update, but we are currently running the 6.6.4.28 version. Anyone know when a new version will be released? Thanks!
There is no definite date yet on when a new firmware for the S3300-28X will be released.
Kindly check the Security Updates here. If ever it does not include the vulnerability you are referring to, you can report it by clicking the button "Click Here" under Report Vulnerabilities.
I have a vulnerability with mine that requires a firmware update, but we are currently running the 6.6.4.28 version.
You have it with your device? Let me guess: You have run some vulnerability scanner, with a certain policy set in place, and it does suggest an update or the like.
So it's something already well known - share with the world which vulnerability scanner, which policy set, which policy ,,,,
All these systems refer to (mostly) public resources. Tenable (famous for Nessus) for example maintain a list of Common Vulnerabilities and Exposures (CVEs) and their affected products.
If you really discovered vulnerability, Coordinated Vulnerability Disclosure (CVD) frameworks exist.
Do not discuss the security vulnerability you have discovered with anyone other than the affected vendor, the respective system owner and the NCSC (your national National Cyber Security Centre9 during the coordinated disclosure process.
Do not publicly disclose the vulnerability until the affected parties have been given enough time to remedy it, or until you have reached an agreement with all the parties including the NCSC.
Once you have reported a vulnerability to the NCSC, do not repeatedly interact with the affected system during the coordinated disclosure process.
Do not leverage vulnerabilities to download, modify or delete any data beyond the minimum necessary actions to provide a proof of concept.
Do not attempt to elevate privileges, or explore a system beyond the minimum necessary to provide a proof of concept.
Do not exfiltrate other users' data, use only your own account(s) for testing.
Do not attempt to gain access to a system using brute force or social engineering techniques.
Do not use denial of service attacks.
Do not install malware or viruses.
When possible, specify in your report what IP addresses you were using when you discovered the vulnerability, this will help assess potential exploitations and reducing false positive alerts.
Communicate your intentions to the NCSC if you plan to disclose your findings publicly (advisory, conference talk, article, etc.).
