Buy or Renew
Buy or Renew
This forum is no longer in read-only mode. See this post for updates
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
873
Views
0
Helpful
1
Replies

SPA303 secuirty vulnerability

tomclayton
Level 1
Level 1

‎12-12-2018 02:59 AM

We have Cisco SPA303 on the latest firmware 7.6.2SR5 and our security scanner is picking up vulnerabilities in the SPA303's.

 

I need to Edit the crossdomain.xml file, ensuring:

  • No 'site-control' tags have the "permitted-cross-domain-policies" set to "all"
  • No 'allow-access-from' tags have the 'domain' attribute set to '*' or '*.TLD'
  • No 'allow-access-from' tags have the 'secure' attribute set to 'false'
  • No 'allow-http-headers-from' tags have the 'domain' attribute set to '*' or '*.TLD'
  • No 'allow-http-headers-from' tags have the 'secure' attribute set to 'false'

Does anyone know how i can do this?

 

Thanks

 

Tom

1 person had this problem
0 Helpful
1 Reply 1

Dan Lukes
VIP Alumni
VIP Alumni

‎12-12-2018 01:47 PM

You can't. User interface can't be customized by user. If you feel there's true vulnerability here, call SMB Support Center to report it. It may be patched in a future firmware release.

 

Note an automated scanner can't identify vulnerability - it can just suspect it.Those warnings should be reevaluated by skilled network administrator to either confirm them or claim them false positive for network in question.

 

0 Helpful
Customers Also Viewed These Support Documents