- EPSS 0.34%
- Veröffentlicht 14.05.2024 06:36:01
- Zuletzt bearbeitet 11.06.2025 14:57:21
Extreme Networks EXOS before v.22.7 and before v.30.2 was discovered to contain an issue in its Web GUI which fails to restrict URL access, allowing attackers to access sensitive information or escalate privileges.
CVE-2023-43118
- EPSS 0.12%
- Veröffentlicht 16.10.2023 20:15:15
- Zuletzt bearbeitet 21.11.2024 08:23:43
Cross Site Request Forgery (CSRF) vulnerability in Chalet application in Extreme Networks Switch Engine (EXOS) before 32.5.1.5, fixed in 31.7.2 and 32.5.1.5 allows attackers to run arbitrary code and cause other unspecified impacts via /jsonrpc API.
CVE-2023-43119
- EPSS 0.37%
- Veröffentlicht 16.10.2023 20:15:15
- Zuletzt bearbeitet 21.11.2024 08:23:43
An Access Control issue discovered in Extreme Networks Switch Engine (EXOS) before 32.5.1.5, also fixed in 22.7, 31.7.2 allows attackers to gain escalated privileges using crafted telnet commands via Redis server.
CVE-2023-43121
- EPSS 1.4%
- Veröffentlicht 16.10.2023 20:15:15
- Zuletzt bearbeitet 21.11.2024 08:23:43
A Directory Traversal vulnerability discovered in Chalet application in Extreme Networks Switch Engine (EXOS) before 32.5.1.5, before 22.7, and before 31.7.2 allows attackers to read arbitrary files.
CVE-2023-43120
- EPSS 1.59%
- Veröffentlicht 16.10.2023 19:15:10
- Zuletzt bearbeitet 21.11.2024 08:23:43
An issue discovered in Extreme Networks Switch Engine (EXOS) before 32.5.1.5, before 22.7 and before 31.7.1 allows attackers to gain escalated privileges via crafted HTTP request.
CVE-2013-7309
- EPSS 0.4%
- Veröffentlicht 23.01.2014 17:55:05
- Zuletzt bearbeitet 11.04.2025 00:51:21
The OSPF implementation in Extreme Networks EXOS does not consider the possibility of duplicate Link State ID values in Link State Advertisement (LSA) packets before performing operations on the LSA database, which allows remote attackers to cause a ...