A security vulnerability in the WISP switches was recently brought to my attention. jQuery V1x or 2x was detected in a security vulnerability scan. This is end-of-life software. jquery-2.1.0.min.js is on the switch with version 1.5.14. When can we expect a FW update that includes jQuery V3 for enhanced security? Also, SNMPv3 is a security feature that we are interested in as well. Are there any plans to add this for added security? We currently are utilizing 168 WISP switches in our networks, and have been very happy with them.
Thanks,
Clay Markos
Wyoming DOT
jQuery 1x or 2x security vulnerability
Re: jQuery 1x or 2x security vulnerability
Over 4 months waiting for a simple security risk issue. Zero response. I would call them, but good luck finding a number. State has over 500 switches to be replaced and loved the Netonix switches. Have replaced about 20% of old fleet. Because of your lack of care to just answer the question, the state has forced me to purchase any switch but your brand. All you had to do was answer with yes, no or working on it. Great job, technical support...
-
Dave - Employee
- Posts: 726
- Joined: Tue Apr 08, 2014 6:28 pm
- Has thanked: 1 time
- Been thanked: 158 times
Re: jQuery 1x or 2x security vulnerability
arrggg... sorry... I missed responding to your post when you posted it... sigh... for what it is worth now, it is on the list to be fixed when we release another round of firmware for the WS line of products.
Re: jQuery 1x or 2x security vulnerability
When can we expect the new FW that corrects both issues?
-
mike99 - Associate
- Posts: 837
- Joined: Tue Nov 25, 2014 10:53 am
- Location: Quebec, Canada
- Has thanked: 95 times
- Been thanked: 245 times
Re: jQuery 1x or 2x security vulnerability
Yes, vulnerabilities should be fixed fast, but it shouldn't be a huge issue if your network is properly secured by a management VLAN not reachable from other subnets, including other VLANs.
-
mayheart - Experienced Member
- Posts: 166
- Joined: Thu Jan 15, 2015 1:42 pm
- Location: Canada
- Has thanked: 43 times
- Been thanked: 40 times
Re: jQuery 1x or 2x security vulnerability
That's not how a lot of corporations and government see it.
If it fails an internal scan, it needs to be fixed or it has to go.
Even cyber security insurance is starting to demand audit scans.
Re: jQuery 1x or 2x security vulnerability
mayheart is correct, if it is flagged as an issue in our (state of Wyoming cyber security) internal scans it has to be fixed or replaced with something that can pass the scans, regardless of cost. The cost just determines how fast or slow we replace vulnerable equipment. Netonix WISP switches were selected due to the features and cost, however, if they are not secure, the cost no longer matters....