This vulnerability is caused by stack-based buffer overflows that can be triggered by a crafted DNS response when performing dual A/AAAA DNS queries. The Ecessa device is exposed only through DNS queries the device itself makes, not through DNS traffic routed by the device. Our testing has confirmed that some functions in the Ecessa software are vulnerable to this exploit, and an update addressing the issue will be available soon. Please contact Technical Support with questions. In the meantime, it is possible to disable the ability of the Ecessa device to make DNS queries with the following steps:
1) Navigate to 'Services'
2) In both the 'Primary' and 'Secondary' DNS fields enter '127.0.0.1'
3) Click 'Activate' at the bottom of the page to save the settings.
Without the ability to make DNS queries there are several things to be aware of:
1) 'Update Software' will not work until DNS servers are re-entered on the 'Services' page.
2) The Cloud feature will not work properly. Configuration updates will not be sent to cloud.ecessa.com so manual backups must be kept. Documentation about downloading configuration file backups can be found here: https://support.ecessa.com/hc/en-us/articles/200144116-Configuration-Management
3) Hostnames used in the device's configuration for features such as 'Static Routes' and the 'Firewall' will not resolve. This does not affect the 'Authoritative DNS' feature of the device.