Exos Security Vulnerabilities and Issues — Exos CVE List

Lucene search

ExtremenetworksExos

6 matches found

CVE•added 2023/10/16 7:15 p.m.•55 views

CVE-2023-43120

An issue discovered in Extreme Networks Switch Engine (EXOS) before 32.5.1.5, before 22.7 and before 31.7.1 allows attackers to gain escalated privileges via crafted HTTP request.

8.8CVSS8.7AI score0.01588EPSS

CVE•added 2014/01/23 5:55 p.m.•50 views

CVE-2013-7309

The OSPF implementation in Extreme Networks EXOS does not consider the possibility of duplicate Link State ID values in Link State Advertisement (LSA) packets before performing operations on the LSA database, which allows remote attackers to cause a denial of service (routing disruption) or obtain ...

5.4CVSS6.3AI score0.00937EPSS

CVE•added 2024/05/14 6:36 a.m.•37 views

CVE-2020-18305

Extreme Networks EXOS before v.22.7 and before v.30.2 was discovered to contain an issue in its Web GUI which fails to restrict URL access, allowing attackers to access sensitive information or escalate privileges.

8CVSS7.2AI score0.00335EPSS

CVE•added 2023/10/16 8:15 p.m.•36 views

CVE-2023-43121

A Directory Traversal vulnerability discovered in Chalet application in Extreme Networks Switch Engine (EXOS) before 32.5.1.5, before 22.7, and before 31.7.2 allows attackers to read arbitrary files.

7.5CVSS7.4AI score0.01402EPSS

CVE•added 2023/10/16 8:15 p.m.•31 views

CVE-2023-43119

An Access Control issue discovered in Extreme Networks Switch Engine (EXOS) before 32.5.1.5, also fixed in 22.7, 31.7.2 allows attackers to gain escalated privileges using crafted telnet commands via Redis server.

9.8CVSS9.5AI score0.00373EPSS

CVE•added 2023/10/16 8:15 p.m.•30 views

CVE-2023-43118

Cross Site Request Forgery (CSRF) vulnerability in Chalet application in Extreme Networks Switch Engine (EXOS) before 32.5.1.5, fixed in 31.7.2 and 32.5.1.5 allows attackers to run arbitrary code and cause other unspecified impacts via /jsonrpc API.

8.8CVSS8.9AI score0.00115EPSS