Vulnerabilities > CVE-2018-5789 - XXE vulnerability in Extremewireless Wing

CVSS 7.5 - HIGH

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

NONE

Integrity impact

NONE

Availability impact

HIGH

network

low complexity

extremewireless

CWE-611

NVD

Published: 2018-02-05

Updated: 2018-02-22

Summary

An issue was discovered in Extreme Networks ExtremeWireless WiNG 5.x before 5.8.6.9 and 5.9.x before 5.9.1.3. There is a Remote, Unauthenticated XML Entity Expansion Denial of Service on the WiNG Access Point / Controller via crafted XML entities to the Web User Interface.

Vulnerable Configurations

Part	Description	Count
OS	Extremewireless Extremewireless Wing *	1

Common Weakness Enumeration (CWE)

CWE-611 - Improper Restriction of XML External Entity Reference ('XXE')

References

https://gtacknowledge.extremenetworks.com/articles/Vulnerability_Notice/VN-2018-003