Optigo Networks Product Security Advisory
Overview
An update has been released to address vulnerabilities in Optigo Networks Products. Users of the affected versions are advised to update to the latest version.
Affected Products
CVE-2024-41925, CVE-2024-45367
- ONS-S8 Spectra Aggregation Switch, versions up to and including 1.3.7
Resolved Vulnerabilities
Improper validation of user input in the Spectra Aggregation Switch, which could allow an attacker to browse directories, bypass authentication, and execute code remotely (CVE-2024-41925)
Incomplete authentication process in the web server, which could allow an attacker to authenticate without a password (CVE-2024-45367)
Vulnerability Mitigation
- We recommend that you always use a unique management VLAN for the ONS-S8 port used by users to connect to OneView.
- We also recommend that you implement at least one of the following additional mitigations:
  - Use a dedicated NIC on the BMS computer, and only connect this computer to OneView to manage the OT network configuration
  - Set up a router firewall with an allowlist for devices that can access OneView
  - Connect to OneView over a secure VPN
References
[1] CVE-2024-41925 Detail
https://nvd.nist.gov/vuln/detail/CVE-2024-41925
[2] CVE-2024-45367 Detail
https://nvd.nist.gov/vuln/detail/CVE-2024-45367
[3] Optigo Networks ONS-S8 Spectra Aggregation Switch (CISA advisory ICSA-24-275-01)
https://www.cisa.gov/news-events/ics-advisories/icsa-24-275-01