A security vulnerability in the WISP switches was recently brought to my attention. jQuery V1x or 2x was detected in a security vulnerability scan. this is end of life software. jquery-2.1.0.min.js is on the switch with version 1.5.14. When can we expect a FW update that includes jQuery V3 for enhanced security? Also SNMPv3 is a security feature that we are interested in as well. Are there any plans to add this for added security? We currently are utilizing 168 WISP switches in our networks, and have been very happy with them.
Thanks,
Clay Markos
Wyoming DOT
jQuery 1x or 2x security vulnerability
Re: jQuery 1x or 2x security vulnerability
Over 4 months waiting for a simple security risk issue. Zero response. I would call them but good luck on finding a number. State has over 500 switches to replaced and loved the Netonix switches. Have replaced about 20% of old fleet. Because of your lack of care to just answer the question the state has forced me to purchase any switch but your brand. All you had to do answer with yes, no or working on it. Great job technical support ..
-
Dave - Employee
- Posts: 726
- Joined: Tue Apr 08, 2014 6:28 pm
- Has thanked: 1 time
- Been thanked: 158 times
Re: jQuery 1x or 2x security vulnerability
arrggg..sorry..i missed responding to your post when you posted it...sigh...for what it is worth now, it is on the list to be fixed when we release another round of firmware for the WS line of products.
Re: jQuery 1x or 2x security vulnerability
When can we expect the new FW that corrects both issues?
-
mike99 - Associate
- Posts: 837
- Joined: Tue Nov 25, 2014 10:53 am
- Location: Quebec, Canada
- Has thanked: 95 times
- Been thanked: 245 times
Re: jQuery 1x or 2x security vulnerability
Yes, vulnerabilities should be fix fast, but it shouldn't be a huge issue if your network is properly secured by a management VLAN not reachable from other subnets including other VLANs.
-
mayheart - Experienced Member
- Posts: 166
- Joined: Thu Jan 15, 2015 1:42 pm
- Location: Canada
- Has thanked: 43 times
- Been thanked: 40 times
Re: jQuery 1x or 2x security vulnerability
That's not how a lot of corporations and government sees it.
If it fails an internal scan, it needs to be fixed or it has to go.
Even cyber security insurance is starting to demand audit scans.
If it fails an internal scan, it needs to be fixed or it has to go.
Even cyber security insurance is starting to demand audit scans.
Re: jQuery 1x or 2x security vulnerability
mayheart is correct, if it is flagged as an issue in our (state of Wyoming cyber security) internal scans it has to be fixed or replaced with something that can pass the scans, regardless of cost. The cost just determines how fast or slow we replace vulnerable equipment. Netonix WISP switches were selected due to the features and cost, however, if they are not secure, the cost no longer matters....
7 posts
Page 1 of 1
Who is online
Users browsing this forum: No registered users and 52 guests