Vulnerability

    Intel Express Switch

Affected

    Intel Express Switch series 500

Description

    Following   is   based   on   a   Vigilante   Security    Advisory
    VIGILANTE-2000010.  Systems affected:

        Intel Express Switch 510T
        - Firmware version 2.63
        - Firmware version 2.64
        Intel Express Switch 520T
        - Firmware version 2.63
        - Firmware version 2.64
        Intel Express Switch 550T
        - Firmware version 2.63
        - Firmware version 2.64
        Intel Express Switch 550F
        - Firmware version 2.63
        - Firmware version 2.64

    It is likely that older firmware versions are also affected.

    By sending a  malformed ICMP packet,  either to the  Intel Express
    Switch or a host  behind it, the CPU  crashes.  The switch  looses
    all routing functionality but  continues to function as  a switch,
    except for the fact that learning also crashes, so new connections
    are  not  "picked  up".   The  packet  can  be sent from a machine
    directly connected to  the switch or  from a machine  not directly
    connected to  the switch.   Since the  packet does  not require  a
    reply, the packet can also be spoofed.

    During testing also  was found the  SNMP command that  reboots the
    switch, and  just as  a friendly  reminder, please  do remember to
    change  your  switch's  SNMP  community  name  from the default to
    something a  bit harder  to guess,  since the  reboot command  can
    also be spoofed.

Solution

    Intel was contacted on the 3rd of September and the  vulnerability
    was verified by  them the following  day.  The  fix was officially
    released on the 5th of September.   The fix for the Intel  Express
    Switches 510T,  520T, 550T  and 550F  is the  same, and  it can be
    found at this location:

        http://support.intel.com/support/express/switches/500/es5_266.htm