An Access Control issue discovered in Extreme Networks Switch Engine (EXOS) before 32.5.1.5, also fixed in 22.7, 31.7.2 allows attackers to gain escalated privileges using crafted telnet commands via Redis server.
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HExtremenetworks Exos
OSExtremenetworks< 22.731.7.0 – 31.7.2 (bez)32.0 – 32.5.1.5 (bez)
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
Related vulnerabilities
CVE-2023-43118HIGH8.8ten sam produkt
Cross Site Request Forgery (CSRF) vulnerability in Chalet application in Extreme Networks Switch Engine (EXOS)...
CVE-2023-43120HIGH8.8ten sam produkt
An issue discovered in Extreme Networks Switch Engine (EXOS) before 32.5.1.5, before 22.7 and before 31.7.1 al...
CVE-2023-43121HIGH7.5ten sam produkt
A Directory Traversal vulnerability discovered in Chalet application in Extreme Networks Switch Engine (EXOS) ...
CVE-2013-7309MEDIUM5.4ten sam produkt
The OSPF implementation in Extreme Networks EXOS does not consider the possibility of duplicate Link State ID ...
CVE-2024-38292CRITICAL9.8PL ✓ten sam vendor
Path traversal w Extreme Networks XIQ-SE umożliwiający privilege escalation