
PCI Compliance - v1.4.8rcX

Posted: Mon Oct 23, 2017 11:38 am
by tylerapp
We would like to access the web portal of our new Netonix switches using SSL, but our Qualys PCI scanner is detecting multiple PHP and OpenSSL vulnerabilities (attached image).

Currently, we are running v1.4.8rcX. Are there any solutions to getting our equipment in compliance with PCI, other than shutting off the web services?

Re: PCI Compliance - v1.4.8rcX

Posted: Mon Oct 23, 2017 12:54 pm
by mike99
Best practice would be to use a management VLAN not accessible to users.

Re: PCI Compliance - v1.4.8rcX

Posted: Mon Oct 23, 2017 1:17 pm
by sirhc
Or you can use an access list on the switch so only certain IPs can access web interface or CLI. This security feature is in the UI.

Or you can cheat and simply block their scanning IPs
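To make the access-list suggestion concrete, here is an added example (not Netonix code, and not the syntax of the switch UI) that models how such a management-plane ACL is evaluated: an ordered list of permit/deny rules over CIDR prefixes, first match wins, implicit deny at the end. The ACL entries, the scanner address and the access-log lines are constructed for illustration and are assumptions, not values from the original post.

```python
"""Management-plane access-list evaluation (added example, not Netonix code).

Models the "only these IPs may reach the web UI / CLI" control: an ordered
list of permit/deny rules over CIDR prefixes, first match wins, with an
implicit deny when nothing matches. All addresses below are constructed.
"""
import ipaddress
from typing import List, Tuple, Union

Network = Union[ipaddress.IPv4Network, ipaddress.IPv6Network]
Rule = Tuple[str, Network]  # ("permit" | "deny", prefix); order matters


def parse_acl(lines: List[str]) -> List[Rule]:
    """Parse lines such as 'permit 10.10.0.0/24' or 'deny 10.10.0.99/32'.

    Trailing '#' comments and blank lines are ignored. A host address
    without a prefix length is treated as a single-host network.
    """
    rules: List[Rule] = []
    for raw in lines:
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        parts = line.split()
        if len(parts) != 2 or parts[0].lower() not in ("permit", "deny"):
            raise ValueError(f"malformed ACL line: {raw!r}")
        action, prefix = parts[0].lower(), parts[1]
        rules.append((action, ipaddress.ip_network(prefix, strict=False)))
    return rules


def is_allowed(src: str, rules: List[Rule]) -> bool:
    """First matching rule decides; no match means deny (implicit deny)."""
    addr = ipaddress.ip_address(src)
    for action, net in rules:
        if addr.version != net.version:  # never compare v4 against v6
            continue
        if addr in net:
            return action == "permit"
    return False


def denied_sources(log_lines: List[str], rules: List[Rule]) -> List[str]:
    """Return the source IPs in constructed 'src=<ip> ...' log lines that the
    ACL would have rejected, so an operator can see which connections (for
    example a PCI scanner's) no longer reach the management interface."""
    denied = []
    for line in log_lines:
        for field in line.split():
            if field.startswith("src="):
                src = field[len("src="):]
                if not is_allowed(src, rules):
                    denied.append(src)
    return denied


# Constructed management ACL (assumption): one NOC subnet, with one
# host in it explicitly excluded before the subnet permit.
MGMT_ACL = parse_acl([
    "deny   10.10.0.99/32    # quarantined workstation",
    "permit 10.10.0.0/24     # NOC management VLAN",
    "permit 2001:db8:10::/64 # NOC management VLAN (IPv6)",
])

# Constructed access-log lines (assumption); 203.0.113.7 stands in for an
# external scanner address.
SAMPLE_LOG = [
    "2017-10-23T11:38:00Z src=10.10.0.5 dst=10.10.0.1 dport=443 action=GET /",
    "2017-10-23T11:38:02Z src=203.0.113.7 dst=10.10.0.1 dport=443 action=GET /",
    "2017-10-23T11:38:03Z src=10.10.0.99 dst=10.10.0.1 dport=22 action=ssh",
]

if __name__ == "__main__":
    for src in ("10.10.0.5", "10.10.0.99", "203.0.113.7", "2001:db8:10::42"):
        print(f"{src:>20} -> {'permit' if is_allowed(src, MGMT_ACL) else 'deny'}")
    print("denied in log:", denied_sources(SAMPLE_LOG, MGMT_ACL))
```

The point of the first-match ordering is the same one that matters on real switch ACLs: a specific deny has to precede the broader permit that would otherwise cover it, and an address that matches nothing is dropped rather than allowed by accident.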

Re: PCI Compliance - v1.4.8rcX

Posted: Tue Oct 24, 2017 2:13 pm
by sakita
Any plans to update the PHP version in a future firmware release? That seems to be most of what Qualys is picking up.

I see this in a few different ways. Those are all good suggestions - good practice to limit access. Identified vulnerabilities should be patched (e.g. update the versions of software components). Also, realize that there will always be vulnerabilities, which is why there are multiple layers to security (e.g. including secure connections for financial transactions).