[security bulletin] HPESBHF03711 rev.1 - HPE 2620 Series Network Switches, Remote Cross Site Request Forgery (CSRF)

LS0tLS1CRUdJTiBQR1AgU0lHTkVEIE1FU1NBR0UtLS0tLQpIYXNoOiBTSEEyNTYKCk5v
dGU6IHRoZSBjdXJyZW50IHZlcnNpb24gb2YgdGhlIGZvbGxvd2luZyBkb2N1bWVudCBp
cyBhdmFpbGFibGUgaGVyZToNCmh0dHBzOi8vaDIwNTY0Lnd3dzIuaHBlLmNvbS9ocHNj
L2RvYy9wdWJsaWMvZGlzcGxheT9kb2NJZD1lbXJfbmEtaHBlc2JoZjAzNzExZW5fdXMN
Cg0KU1VQUE9SVCBDT01NVU5JQ0FUSU9OIC0gU0VDVVJJVFkgQlVMTEVUSU4NCg0KRG9j
dW1lbnQgSUQ6IGhwZXNiaGYwMzcxMWVuX3VzDQpWZXJzaW9uOiAxDQoNCkhQRVNCSEYw
MzcxMSByZXYuMSAtIEhQRSAyNjIwIFNlcmllcyBOZXR3b3JrIFN3aXRjaGVzLCBSZW1v
dGUgQ3Jvc3MgU2l0ZQ0KUmVxdWVzdCBGb3JnZXJ5IChDU1JGKQ0KDQpOT1RJQ0U6IFRo
ZSBpbmZvcm1hdGlvbiBpbiB0aGlzIFNlY3VyaXR5IEJ1bGxldGluIHNob3VsZCBiZSBh
Y3RlZCB1cG9uIGFzDQpzb29uIGFzIHBvc3NpYmxlLg0KDQpSZWxlYXNlIERhdGU6IDIw
MTctMDMtMTANCkxhc3QgVXBkYXRlZDogMjAxNy0wMy0xMA0KDQpQb3RlbnRpYWwgU2Vj
dXJpdHkgSW1wYWN0OiBMb2NhbDogQ3Jvc3MtU2l0ZSBSZXF1ZXN0IEZvcmdlcnkgKENT
UkYpOyBSZW1vdGU6DQpDcm9zcy1TaXRlIFJlcXVlc3QgRm9yZ2VyeSAoQ1NSRikNCg0K
U291cmNlOiBIZXdsZXR0IFBhY2thcmQgRW50ZXJwcmlzZSwgUHJvZHVjdCBTZWN1cml0
eSBSZXNwb25zZSBUZWFtDQoNClZVTE5FUkFCSUxJVFkgU1VNTUFSWQ0KQSBwb3RlbnRp
YWwgc2VjdXJpdHkgdnVsbmVyYWJpbGl0eSBoYXMgYmVlbiBpZGVudGlmaWVkIGluIEhQ
RSAyNjIwIFNlcmllcw0KTmV0d29yayBTd2l0Y2hlcy4gVGhlIHZ1bG5lcmFiaWxpdHkg
Y291bGQgYmUgcmVtb3RlbHkgZXhwbG9pdGVkIHRvIGV4ZWN1dGUgYQ0KY3Jvc3Mgc2l0
ZSByZXF1ZXN0IGZvcmdlcnkgKENTUkYpLg0KDQpSZWZlcmVuY2VzOg0KDQogIC0gQ1ZF
LTIwMTctNTc5Ng0KDQpTVVBQT1JURUQgU09GVFdBUkUgVkVSU0lPTlMqOiBPTkxZIGlt
cGFjdGVkIHZlcnNpb25zIGFyZSBsaXN0ZWQuDQoNCiAgLSBIUCBNU1IyMDAwIFJvdXRl
ciBTZXJpZXMgUkEuMTUuMDUuMDAwNg0KDQpCQUNLR1JPVU5EDQoNCiAgQ1ZTUyBCYXNl
IE1ldHJpY3MNCiAgPT09PT09PT09PT09PT09PT0NCiAgUmVmZXJlbmNlLCBDVlNTIFYz
IFNjb3JlL1ZlY3RvciwgQ1ZTUyBWMiBTY29yZS9WZWN0b3INCg0KICAgIENWRS0yMDE3
LTU3OTYNCiAgICAgIDkuNiBDVlNTOjMuMC9BVjpOL0FDOkwvUFI6Ti9VSTpSL1M6Qy9D
OkgvSTpIL0E6SA0KICAgICAgOS4zIChBVjpOL0FDOk0vQXU6Ti9DOkMvSTpDL0E6QykN
Cg0KICAgIEluZm9ybWF0aW9uIG9uIENWU1MgaXMgZG9jdW1lbnRlZCBpbg0KICAgIEhQ
RSBDdXN0b21lciBOb3RpY2UgSFBTTi0yMDA4LTAwMiBoZXJlOg0KDQpodHRwczovL2gy
MDU2NC53d3cyLmhwZS5jb20vaHBzYy9kb2MvcHVibGljL2Rpc3BsYXk/ZG9jSWQ9ZW1y
X25hLWMwMTM0NTQ5OQ0KDQpSRVNPTFVUSU9ODQoNCkhQRSBoYXMgbWFkZSB0aGUgZm9s
bG93aW5nIHNvZnR3YXJlIHVwZGF0ZXMgYW5kIG1pdGlnYXRpb24gaW5mb3JtYXRpb24g
dG8NCnJlc29sdmUgdGhlIHZ1bG5lcmFiaWxpdHkgaW4gSFBFIDI2MjAgU2VyaWVzIE5l
dHdvcmsgU3dpdGNoZXM6ICANCg0KICAqIEluc3RhbGwgUkEuMTUuMTUuMDAxNCBvciBh
IHN1YnNlcXVlbnQgdmVyc2lvbi4NCiAgDQoqKk5vdGU6KiogUGxlYXNlIGNvbnRhY3Qg
SFBFIFRlY2huaWNhbCBTdXBwb3J0IGlmIGFueSBhc3Npc3RhbmNlIGlzIG5lZWRlZA0K
YWNxdWlyaW5nIHRoZSBzb2Z0d2FyZSB1cGRhdGVzDQoNCkhJU1RPUlkNClZlcnNpb246
MSAocmV2LjEpIC0gMTAgTWFyY2ggMjAxNyBJbml0aWFsIHJlbGVhc2UNCg0KVGhpcmQg
UGFydHkgU2VjdXJpdHkgUGF0Y2hlczogVGhpcmQgcGFydHkgc2VjdXJpdHkgcGF0Y2hl
cyB0aGF0IGFyZSB0byBiZQ0KaW5zdGFsbGVkIG9uIHN5c3RlbXMgcnVubmluZyBIZXds
ZXR0IFBhY2thcmQgRW50ZXJwcmlzZSAoSFBFKSBzb2Z0d2FyZQ0KcHJvZHVjdHMgc2hv
dWxkIGJlIGFwcGxpZWQgaW4gYWNjb3JkYW5jZSB3aXRoIHRoZSBjdXN0b21lcidzIHBh
dGNoIG1hbmFnZW1lbnQNCnBvbGljeS4NCg0KU3VwcG9ydDogRm9yIGlzc3VlcyBhYm91
dCBpbXBsZW1lbnRpbmcgdGhlIHJlY29tbWVuZGF0aW9ucyBvZiB0aGlzIFNlY3VyaXR5
DQpCdWxsZXRpbiwgY29udGFjdCBub3JtYWwgSFBFIFNlcnZpY2VzIHN1cHBvcnQgY2hh
bm5lbC4gRm9yIG90aGVyIGlzc3VlcyBhYm91dA0KdGhlIGNvbnRlbnQgb2YgdGhpcyBT
ZWN1cml0eSBCdWxsZXRpbiwgc2VuZCBlLW1haWwgdG8gc2VjdXJpdHktYWxlcnRAaHBl
LmNvbS4NCg0KUmVwb3J0OiBUbyByZXBvcnQgYSBwb3RlbnRpYWwgc2VjdXJpdHkgdnVs
bmVyYWJpbGl0eSBmb3IgYW55IEhQRSBzdXBwb3J0ZWQNCnByb2R1Y3Q6DQogIFdlYiBm
b3JtOiBodHRwczovL3d3dy5ocGUuY29tL2luZm8vcmVwb3J0LXNlY3VyaXR5LXZ1bG5l
cmFiaWxpdHkNCiAgRW1haWw6IHNlY3VyaXR5LWFsZXJ0QGhwZS5jb20NCg0KU3Vic2Ny
aWJlOiBUbyBpbml0aWF0ZSBhIHN1YnNjcmlwdGlvbiB0byByZWNlaXZlIGZ1dHVyZSBI
UEUgU2VjdXJpdHkgQnVsbGV0aW4NCmFsZXJ0cyB2aWEgRW1haWw6IGh0dHA6Ly93d3cu
aHBlLmNvbS9zdXBwb3J0L1N1YnNjcmliZXJfQ2hvaWNlDQoNClNlY3VyaXR5IEJ1bGxl
dGluIEFyY2hpdmU6IEEgbGlzdCBvZiByZWNlbnRseSByZWxlYXNlZCBTZWN1cml0eSBC
dWxsZXRpbnMgaXMNCmF2YWlsYWJsZSBoZXJlOiBodHRwOi8vd3d3LmhwZS5jb20vc3Vw
cG9ydC9TZWN1cml0eV9CdWxsZXRpbl9BcmNoaXZlDQoNClNvZnR3YXJlIFByb2R1Y3Qg
Q2F0ZWdvcnk6IFRoZSBTb2Z0d2FyZSBQcm9kdWN0IENhdGVnb3J5IGlzIHJlcHJlc2Vu
dGVkIGluDQp0aGUgdGl0bGUgYnkgdGhlIHR3byBjaGFyYWN0ZXJzIGZvbGxvd2luZyBI
UFNCLg0KDQozQyA9IDNDT00NCjNQID0gM3JkIFBhcnR5IFNvZnR3YXJlDQpHTiA9IEhQ
RSBHZW5lcmFsIFNvZnR3YXJlDQpIRiA9IEhQRSBIYXJkd2FyZSBhbmQgRmlybXdhcmUN
Ck1VID0gTXVsdGktUGxhdGZvcm0gU29mdHdhcmUNCk5TID0gTm9uU3RvcCBTZXJ2ZXJz
DQpPViA9IE9wZW5WTVMNClBWID0gUHJvQ3VydmUNClNUID0gU3RvcmFnZSBTb2Z0d2Fy
ZQ0KVVggPSBIUC1VWA0KDQpDb3B5cmlnaHQgMjAxNiBIZXdsZXR0IFBhY2thcmQgRW50
ZXJwcmlzZQ0KDQpIZXdsZXR0IFBhY2thcmQgRW50ZXJwcmlzZSBzaGFsbCBub3QgYmUg
bGlhYmxlIGZvciB0ZWNobmljYWwgb3IgZWRpdG9yaWFsDQplcnJvcnMgb3Igb21pc3Np
b25zIGNvbnRhaW5lZCBoZXJlaW4uIFRoZSBpbmZvcm1hdGlvbiBwcm92aWRlZCBpcyBw
cm92aWRlZA0KImFzIGlzIiB3aXRob3V0IHdhcnJhbnR5IG9mIGFueSBraW5kLiBUbyB0
aGUgZXh0ZW50IHBlcm1pdHRlZCBieSBsYXcsIG5laXRoZXINCkhQIG9yIGl0cyBhZmZp
bGlhdGVzLCBzdWJjb250cmFjdG9ycyBvciBzdXBwbGllcnMgd2lsbCBiZSBsaWFibGUg
Zm9yDQppbmNpZGVudGFsLHNwZWNpYWwgb3IgY29uc2VxdWVudGlhbCBkYW1hZ2VzIGlu
Y2x1ZGluZyBkb3dudGltZSBjb3N0OyBsb3N0DQpwcm9maXRzOyBkYW1hZ2VzIHJlbGF0
aW5nIHRvIHRoZSBwcm9jdXJlbWVudCBvZiBzdWJzdGl0dXRlIHByb2R1Y3RzIG9yDQpz
ZXJ2aWNlczsgb3IgZGFtYWdlcyBmb3IgbG9zcyBvZiBkYXRhLCBvciBzb2Z0d2FyZSBy
ZXN0b3JhdGlvbi4gVGhlDQppbmZvcm1hdGlvbiBpbiB0aGlzIGRvY3VtZW50IGlzIHN1
YmplY3QgdG8gY2hhbmdlIHdpdGhvdXQgbm90aWNlLiBIZXdsZXR0DQpQYWNrYXJkIEVu
dGVycHJpc2UgYW5kIHRoZSBuYW1lcyBvZiBIZXdsZXR0IFBhY2thcmQgRW50ZXJwcmlz
ZSBwcm9kdWN0cw0KcmVmZXJlbmNlZCBoZXJlaW4gYXJlIHRyYWRlbWFya3Mgb2YgSGV3
bGV0dCBQYWNrYXJkIEVudGVycHJpc2UgaW4gdGhlIFVuaXRlZA0KU3RhdGVzIGFuZCBv
dGhlciBjb3VudHJpZXMuIE90aGVyIHByb2R1Y3QgYW5kIGNvbXBhbnkgbmFtZXMgbWVu
dGlvbmVkIGhlcmVpbg0KbWF5IGJlIHRyYWRlbWFya3Mgb2YgdGhlaXIgcmVzcGVjdGl2
ZSBvd25lcnMuDQotLS0tLUJFR0lOIFBHUCBTSUdOQVRVUkUtLS0tLQpWZXJzaW9uOiBH
bnVQRyB2MQoKaVFFY0JBRUJDQUFHQlFKWXd2S1ZBQW9KRUxYaEF4dDdTWmFpRU40SC9q
bzdZYW0waHpiOHA1TEM4VWc4OFRsLwphcSs5V25ML0FCQ004TVdaRzIyZmVsN0VQSmFh
dWRzZVZUQ25CT3NoQmNCaFNYNzl4YlRueldVZ3VPQVBzdGFZClZJWjh3K3JOTm0wZDha
NmdORi9wckxhaEhHYmtMTGN6dkJpT20wWUhrN1o3UGRtdlY3Q1VwWTNnbzNGS2NkYnUK
a2d2WkdERHZvenR5b1ZldXZiVG43WU9OQUxRZXZKU3Z1NFN2Q2pIRld5VlRKTnM2Y3dC
Qkh3VnA0dVkvdlBmWgpQcXdFMStzY1QxMFkzTmVReXYxSCtMeXlWNXB4NEhLMzdQVHdK
OE5vQXgwalBIRENxZnVTVDZIWGZXaEp2VmViCkFlak1jRFBXRHh2aHduN0g2bWtHNFE3
RUpOTWRFOFphd0FVY29WRkN6R2w3MEF4VHlXcjhjWmF5a0E4dlMycz0KPW5KM0EKLS0t
LS1FTkQgUEdQIFNJR05BVFVSRS0tLS0tCg==