Extremenetworks: >> Extremexos >> 16.2.2 Security Vulnerabilities
Extreme Networks EXOS before v.22.7 and before v.30.2 was discovered to contain an issue in its Web GUI which fails to restrict URL access, allowing attackers to access sensitive information or escalate privileges.
CVSS Score
8.0
EPSS Score
0.001
Published
2024-05-14
In Extreme XOS through 22.6.1.4, a read-only user can escalate privileges to root via a crafted HTTP POST request to the python method of the Machine-to-Machine Interface (MMI).
CVSS Score
8.6
EPSS Score
0.002
Published
2024-05-03
Extreme EXOS 16.x, 21.x, and 22.x allows administrators to read arbitrary files.
CVSS Score
4.4
EPSS Score
0.001
Published
2017-10-23
Extreme EXOS 15.7, 16.x, 21.x, and 22.x allows remote attackers to trigger a buffer overflow leading to a reboot.
CVSS Score
7.5
EPSS Score
0.006
Published
2017-10-23
Extreme EXOS 16.x, 21.x, and 22.x allows administrators to obtain a root shell via vectors involving an exsh debug shell.
CVSS Score
6.7
EPSS Score
0.0
Published
2017-10-23
Extreme EXOS 16.x, 21.x, and 22.x allows administrators to obtain a root shell via vectors involving a privileged process.
CVSS Score
6.7
EPSS Score
0.0
Published
2017-10-23
Extreme EXOS 16.x, 21.x, and 22.x allows administrators to bypass the "exsh restricted shell" protection mechanism and obtain an interactive shell.
CVSS Score
6.7
EPSS Score
0.0
Published
2017-10-23
Extreme EXOS 15.7, 16.x, 21.x, and 22.x allows remote attackers to hijack sessions by determining SessionID values.
CVSS Score
8.1
EPSS Score
0.005
Published
2017-10-23