Allied Telesis AT-9000/24 Ethernet Switch Unauthorized Management VLAN Access Vulnerability

Bugtraq ID:	21628
Class:	Access Validation Error
CVE:
Remote:	Yes
Local:	No
Published:	Dec 16 2006 12:00AM
Updated:	Dec 18 2006 05:33PM
Credit:	Pasi Sjoholm <[email protected]> discovered this issue.
Vulnerable:	Allied-telesis AT-9000/24 0
Not Vulnerable:

Allied Telesis AT-9000/24 Ethernet Switch Unauthorized Management VLAN Access Vulnerability

Allied Telesis AT-9000/24 switches are prone to an unauthorized-management-VLAN-access vulnerability.

Exploiting this issue allows attackers with access to any port on affected switches to access the management VLAN. This may aid them in further attacks.

Allied Telesis AT-9000/24 Ethernet Switch Unauthorized Management VLAN Access Vulnerability

Attackers use standard network utilities to exploit this issue.

Allied Telesis AT-9000/24 Ethernet Switch Unauthorized Management VLAN Access Vulnerability

Solution:
Currently we are not aware of any vendor-supplied patches for this issue. If you feel we are in error or if you are aware of more recent information, please mail us at: [email protected]:[email protected].

Allied Telesis AT-9000/24 Ethernet Switch Unauthorized Management VLAN Access Vulnerability

References:

• AT-9000/24 Product Page (Allied Telesis)
  
• Allied Telesis AT-9000/24 Ethernet switch management can be accessed from all VL (Pasi Sjoholm )