HIGH🇬🇧 English

CVE-2023-43118

CVSS 8.8v3.1pub. 2023-10-16upd. 2024-11-21

Cross Site Request Forgery (CSRF) vulnerability in Chalet application in Extreme Networks Switch Engine (EXOS) before 32.5.1.5, fixed in 31.7.2 and 32.5.1.5 allows attackers to run arbitrary code and cause other unspecified impacts via /jsonrpc API.

oryginał EN
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
  • Extremenetworks Exos

    OS
    Extremenetworks
    31.7.0 – 31.7.2 (bez)32.0 – 32.5.1.5 (bez)
🔵
ZWERYFIKUJ U PRODUCENTA
Brak jednoznacznych danych o patchu. Sprawdź referencje od producenta.
CWE
Referencje

Powiązane podatności

CVE-2023-43119CRITICAL9.8ten sam produkt

An Access Control issue discovered in Extreme Networks Switch Engine (EXOS) before 32.5.1.5, also fixed in 22....

CVE-2023-43120HIGH8.8ten sam produkt

An issue discovered in Extreme Networks Switch Engine (EXOS) before 32.5.1.5, before 22.7 and before 31.7.1 al...

CVE-2023-43121HIGH7.5ten sam produkt

A Directory Traversal vulnerability discovered in Chalet application in Extreme Networks Switch Engine (EXOS) ...

CVE-2013-7309MEDIUM5.4ten sam produkt

The OSPF implementation in Extreme Networks EXOS does not consider the possibility of duplicate Link State ID ...

CVE-2024-38292CRITICAL9.8PL ✓ten sam vendor

Path traversal w Extreme Networks XIQ-SE umożliwiający privilege escalation

CVE-2023-43118 — HIGH 8.8 | CVEbaza.pl