Security Advisories
a8娱乐 is committed to maintaining the highest standards of security across our product portfolio. Leveraging extensive testing and monitoring of vulnerabilities to isolate and neutralize threats early, a8娱乐's Product Security Incident Response Team (PSIRT) provides global coverage for public reporting of possible security vulnerabilities across the product portfolio.
The PSIRT team monitors industry-wide vulnerability reporting as well as providing a single point of contact for customers and interested third parties to investigate and identify potential threats. The PSIRT team also works to communicate these issues back to the user community in a timely manner.
a8娱乐's approach to vulnerability management and links to best practice guidelines can be found here.
For technical assistance with workarounds and hotfix installations recommended in security advisories, please contact the a8娱乐 Support team at 该邮件地址已受到反垃圾邮件插件保护。要显示它需要在浏览器中启用 JavaScript。.
Report security vulnerabilities found in a8娱乐 products to the PSIRT team via 该邮件地址已受到反垃圾邮件插件保护。要显示它需要在浏览器中启用 JavaScript。. It is recommended to use a8娱乐's PGP key for secure and private communication directly with the PSIRT team.
a8娱乐 PSIRT is happy to work with researchers on discovered vulnerabilities in a8娱乐 products, the assignment of CVEs, and timelines for responsible disclosure. If a researcher discovers a new vulnerability they will be acknowledged in the advisory related to the vulnerability. a8娱乐 PSIRT is interested in receiving reports on issues affecting features in both a8娱乐 code as well as Open Source Software used in a8娱乐 products. Security issues found in Open Source Software which do not affect a8娱乐 products are out of the scope of a8娱乐 and should be referred to the appropriate CNA found .
PSIRT Advisories
The following advisories and referenced materials are provided on an "as is" basis for use at your own risk. a8娱乐 reserves the right to change or update the advisories without notice at any time.
Security Advisory 0006
September 29th 2014
Shell command Bash code injection vulnerability (CVE-2014-6271, CVE-2014-6278, and CVE-2014-7169)
Security Advisory 0005
June?9th 2014
Open SSL clients running on a8娱乐 EOS vulnerable to SSL/TLS MITM vulnerability (CVE-2014-0224)
Security Advisory 0004
April 9th 2014
a8娱乐 7000 Series Products and a8娱乐 EOS Not Vulnerable to OpenSSL CVE-2014-0160
Security Advisory 0003
February 14, 2014
Affected Software Version: EOS-4.13.0F through EOS-4.13.1F.
Security Advisory 0002
September 12, 2012
Null pointer dereference in nf_conntrack_ipv6. Affected software releases include EOS-4.8.0 through EOS-4.8.7, EOS-4.9.0 through EOS-4.9.5, EOS-4.10, EOS-4.10.1
Security Advisory 0001
June 17, 2008
SNMP v3 authentication may be bypassed on a8娱乐 Switches running EOS 2.0.2 or earlier. Recommendation is to upgrade to EOS 2.0.3 or later.