Filtered by vendor Extremenetworks Subscriptions
Total 22 CVE
CVE Vendors Products Updated CVSS v3.1
CVE-2024-27453 1 Extremenetworks 1 Extremexos 2024-11-21 8.6 High
In Extreme XOS through 22.6.1.4, a read-only user can escalate privileges to root via a crafted HTTP POST request to the python method of the Machine-to-Machine Interface (MMI).
CVE-2023-43121 1 Extremenetworks 1 Exos 2024-11-21 7.5 High
A Directory Traversal vulnerability discovered in Chalet application in Extreme Networks Switch Engine (EXOS) before 32.5.1.5, before 22.7, and before 31.7.2 allows attackers to read arbitrary files.
CVE-2023-43120 1 Extremenetworks 1 Exos 2024-11-21 8.8 High
An issue discovered in Extreme Networks Switch Engine (EXOS) before 32.5.1.5, before 22.7 and before 31.7.1 allows attackers to gain escalated privileges via crafted HTTP request.
CVE-2023-43119 1 Extremenetworks 1 Exos 2024-11-21 9.8 Critical
An Access Control issue discovered in Extreme Networks Switch Engine (EXOS) before 32.5.1.5, also fixed in 22.7, 31.7.2 allows attackers to gain escalated privileges using crafted telnet commands via Redis server.
CVE-2023-43118 1 Extremenetworks 1 Exos 2024-11-21 8.8 High
Cross Site Request Forgery (CSRF) vulnerability in Chalet application in Extreme Networks Switch Engine (EXOS) before 32.5.1.5, fixed in 31.7.2 and 32.5.1.5 allows attackers to run arbitrary code and cause other unspecified impacts via /jsonrpc API.
CVE-2023-35803 1 Extremenetworks 29 Ap1130, Ap122, Ap130 and 26 more 2024-11-21 9.8 Critical
IQ Engine before 10.6r2 on Extreme Network AP devices has a Buffer Overflow.
CVE-2023-35802 1 Extremenetworks 29 Ap1130, Ap122, Ap130 and 26 more 2024-11-21 9.8 Critical
IQ Engine before 10.6r1 on Extreme Network AP devices has a Buffer Overflow in the implementation of the CAPWAP protocol that may be exploited to obtain elevated privileges to conduct remote code execution. Access to the internal management interface/subnet is required to conduct the exploit.
CVE-2020-16847 1 Extremenetworks 1 Extreme Management Center 2024-11-21 6.1 Medium
Extreme Analytics in Extreme Management Center before 8.5.0.169 allows unauthenticated reflected XSS via a parameter in a GET request, aka CFD-4887.
CVE-2020-16152 1 Extremenetworks 1 Aerohive Netconfig 2024-11-21 9.8 Critical
The NetConfig UI administrative interface in Extreme Networks ExtremeWireless Aerohive HiveOS and IQ Engine through 10.0r8a allows attackers to execute PHP code as the root user via remote HTTP requests that insert this code into a log file and then traverse to that file.
CVE-2020-13820 1 Extremenetworks 1 Extreme Management Center 2024-11-21 6.1 Medium
Extreme Management Center 8.4.1.24 allows unauthenticated reflected XSS via a parameter in a GET request.
CVE-2020-13819 1 Extremenetworks 1 Extreme Management Center 2024-11-21 6.1 Medium
Extreme EAC Appliance 8.4.1.24 allows unauthenticated reflected XSS via a parameter in a GET request.
CVE-2018-5797 1 Extremenetworks 1 Extremewireless Wing 2024-11-21 N/A
An issue was discovered in Extreme Networks ExtremeWireless WiNG 5.x before 5.8.6.9 and 5.9.x before 5.9.1.3. There is an Smint_encrypt Hardcoded AES Key that can be used for packet decryption (obtaining cleartext credentials) by an attacker who has access to a wired port.
CVE-2018-5787 1 Extremenetworks 1 Extremewireless Wing 2024-11-21 N/A
An issue was discovered in Extreme Networks ExtremeWireless WiNG 5.x before 5.8.6.9 and 5.9.x before 5.9.1.3. There is a Remote, Unauthenticated Stack Overflow in the RIM (Radio Interface Module) process running on the WiNG Access Point via crafted packets.
CVE-2017-14332 1 Extremenetworks 1 Extremexos 2024-11-21 N/A
Extreme EXOS 15.7, 16.x, 21.x, and 22.x allows remote attackers to hijack sessions by determining SessionID values.
CVE-2017-14331 1 Extremenetworks 1 Extremexos 2024-11-21 N/A
Extreme EXOS 16.x, 21.x, and 22.x allows administrators to bypass the "exsh restricted shell" protection mechanism and obtain an interactive shell.
CVE-2017-14330 1 Extremenetworks 1 Extremexos 2024-11-21 N/A
Extreme EXOS 16.x, 21.x, and 22.x allows administrators to obtain a root shell via vectors involving a privileged process.
CVE-2017-14329 1 Extremenetworks 1 Extremexos 2024-11-21 N/A
Extreme EXOS 16.x, 21.x, and 22.x allows administrators to obtain a root shell via vectors involving an exsh debug shell.
CVE-2017-14328 1 Extremenetworks 1 Extremexos 2024-11-21 7.5 High
Extreme EXOS 15.7, 16.x, 21.x, and 22.x allows remote attackers to trigger a buffer overflow leading to a reboot.
CVE-2017-14327 1 Extremenetworks 1 Extremexos 2024-11-21 N/A
Extreme EXOS 16.x, 21.x, and 22.x allows administrators to read arbitrary files.
CVE-2013-7309 1 Extremenetworks 1 Exos 2024-11-21 N/A
The OSPF implementation in Extreme Networks EXOS does not consider the possibility of duplicate Link State ID values in Link State Advertisement (LSA) packets before performing operations on the LSA database, which allows remote attackers to cause a denial of service (routing disruption) or obtain sensitive packet information via a crafted LSA packet, a related issue to CVE-2013-0149.