Shodan
Vulnerabilities
Vulnerable Software
Extremenetworks:  Security Vulnerabilities
CVE-2024-38290
In XIQ-SE before 24.2.11, a server misconfiguration may allow user enumeration when specific conditions are met.
CVSS Score
5.3
EPSS Score
0.001
Published
2025-02-27
CVE-2024-38291
In XIQ-SE before 24.2.11, a low-privileged user may be able to access admin passwords, which could lead to privilege escalation.
CVSS Score
8.8
EPSS Score
0.001
Published
2025-02-27
CVE-2024-38292
In Extreme Networks XIQ-SE before 24.2.11, due to a missing access control check, a path traversal is possible, which may lead to privilege escalation.
CVSS Score
9.8
EPSS Score
0.002
Published
2025-02-27
CVE-2020-18305
Extreme Networks EXOS before v.22.7 and before v.30.2 was discovered to contain an issue in its Web GUI which fails to restrict URL access, allowing attackers to access sensitive information or escalate privileges.
CVSS Score
8.0
EPSS Score
0.003
Published
2024-05-14
CVE-2024-27453
In Extreme XOS through 22.6.1.4, a read-only user can escalate privileges to root via a crafted HTTP POST request to the python method of the Machine-to-Machine Interface (MMI).
CVSS Score
8.6
EPSS Score
0.002
Published
2024-05-03
CVE-2023-43118
Cross Site Request Forgery (CSRF) vulnerability in Chalet application in Extreme Networks Switch Engine (EXOS) before 32.5.1.5, fixed in 31.7.2 and 32.5.1.5 allows attackers to run arbitrary code and cause other unspecified impacts via /jsonrpc API.
CVSS Score
8.8
EPSS Score
0.001
Published
2023-10-16
CVE-2023-43119
An Access Control issue discovered in Extreme Networks Switch Engine (EXOS) before 32.5.1.5, also fixed in 22.7, 31.7.2 allows attackers to gain escalated privileges using crafted telnet commands via Redis server.
CVSS Score
9.8
EPSS Score
0.004
Published
2023-10-16
CVE-2023-43121
A Directory Traversal vulnerability discovered in Chalet application in Extreme Networks Switch Engine (EXOS) before 32.5.1.5, before 22.7, and before 31.7.2 allows attackers to read arbitrary files.
CVSS Score
7.5
EPSS Score
0.014
Published
2023-10-16
CVE-2023-43120
An issue discovered in Extreme Networks Switch Engine (EXOS) before 32.5.1.5, before 22.7 and before 31.7.1 allows attackers to gain escalated privileges via crafted HTTP request.
CVSS Score
8.8
EPSS Score
0.016
Published
2023-10-16
CVE-2023-35803
IQ Engine before 10.6r2 on Extreme Network AP devices has a Buffer Overflow.
CVSS Score
9.8
EPSS Score
0.055
Published
2023-10-04


Products
Pricing
Contact Us

Shodan ® - All rights reserved