Extremenetworks ≫ Extremexos

The BGP daemon in Extreme Networks ExtremeXOS (aka EXOS) 30.7.1.1 allows an attacker (who is not on a directly connected network) to cause a denial of service (BGP session reset) because of BGP attribute error mishandling (for attribute 21 and 25). N...

Extreme Networks EXOS before v.22.7 and before v.30.2 was discovered to contain an issue in its Web GUI which fails to restrict URL access, allowing attackers to access sensitive information or escalate privileges.

In Extreme XOS through 22.6.1.4, a read-only user can escalate privileges to root via a crafted HTTP POST request to the python method of the Machine-to-Machine Interface (MMI).

Extreme EXOS 16.x, 21.x, and 22.x allows administrators to read arbitrary files.

Extreme EXOS 15.7, 16.x, 21.x, and 22.x allows remote attackers to trigger a buffer overflow leading to a reboot.

Extreme EXOS 16.x, 21.x, and 22.x allows administrators to obtain a root shell via vectors involving an exsh debug shell.

Extreme EXOS 16.x, 21.x, and 22.x allows administrators to obtain a root shell via vectors involving a privileged process.

Extreme EXOS 16.x, 21.x, and 22.x allows administrators to bypass the "exsh restricted shell" protection mechanism and obtain an interactive shell.

Extreme EXOS 15.7, 16.x, 21.x, and 22.x allows remote attackers to hijack sessions by determining SessionID values.