Vulnerabilities > Extremenetworks

DATE	CVE	VULNERABILITY TITLE	RISK
2023-10-16	CVE-2023-43118	Cross-Site Request Forgery (CSRF) vulnerability in Extremenetworks Exos 31.7.0/31.7.1/32.0 Cross Site Request Forgery (CSRF) vulnerability in Chalet application in Extreme Networks Switch Engine (EXOS) before 32.5.1.5, fixed in 31.7.2 and 32.5.1.5 allows attackers to run arbitrary code and cause other unspecified impacts via /jsonrpc API. network low complexity extremenetworks CWE-352	8.8
2023-10-16	CVE-2023-43119	Incorrect Authorization vulnerability in Extremenetworks Exos 31.7.0/31.7.1/32.0 An Access Control issue discovered in Extreme Networks Switch Engine (EXOS) before 32.5.1.5, also fixed in 22.7, 31.7.2 allows attackers to gain escalated privileges using crafted telnet commands via Redis server. network low complexity extremenetworks CWE-863 critical	9.8
2023-10-16	CVE-2023-43121	Path Traversal vulnerability in Extremenetworks Exos 31.7.0/31.7.1/32.0 A Directory Traversal vulnerability discovered in Chalet application in Extreme Networks Switch Engine (EXOS) before 32.5.1.5, before 22.7, and before 31.7.2 allows attackers to read arbitrary files. network low complexity extremenetworks CWE-22	7.5
2023-10-16	CVE-2023-43120	Unspecified vulnerability in Extremenetworks Exos 31.0/31.7.0/32.0 An issue discovered in Extreme Networks Switch Engine (EXOS) before 32.5.1.5, before 22.7 and before 31.7.1 allows attackers to gain escalated privileges via crafted HTTP request. network low complexity extremenetworks	8.8
2023-10-04	CVE-2023-35803	Classic Buffer Overflow vulnerability in Extremenetworks IQ Engine 10.6R1/10.6R2 IQ Engine before 10.6r2 on Extreme Network AP devices has a Buffer Overflow. network low complexity extremenetworks CWE-120 critical	9.8
2023-07-15	CVE-2023-35802	Classic Buffer Overflow vulnerability in Extremenetworks IQ Engine 10.6R1/10.6R2 IQ Engine before 10.6r1 on Extreme Network AP devices has a Buffer Overflow in the implementation of the CAPWAP protocol that may be exploited to obtain elevated privileges to conduct remote code execution. network low complexity extremenetworks CWE-120 critical	9.8
2021-11-14	CVE-2020-16152	Inclusion of Functionality from Untrusted Control Sphere vulnerability in Extremenetworks Aerohive Netconfig 10.0R8A The NetConfig UI administrative interface in Extreme Networks ExtremeWireless Aerohive HiveOS and IQ Engine through 10.0r8a allows attackers to execute PHP code as the root user via remote HTTP requests that insert this code into a log file and then traverse to that file. network low complexity extremenetworks CWE-829 critical	9.8
2020-08-05	CVE-2020-13819	Cross-site Scripting vulnerability in Extremenetworks Extreme Management Center 8.4.1.24/8.5 Extreme EAC Appliance 8.4.1.24 allows unauthenticated reflected XSS via a parameter in a GET request. network low complexity extremenetworks CWE-79	6.1
2020-08-04	CVE-2020-16847	Cross-site Scripting vulnerability in Extremenetworks Extreme Management Center 8.4.1.24/8.5 Extreme Analytics in Extreme Management Center before 8.5.0.169 allows unauthenticated reflected XSS via a parameter in a GET request, aka CFD-4887. network low complexity extremenetworks CWE-79	6.1
2020-08-03	CVE-2020-13820	Cross-site Scripting vulnerability in Extremenetworks Extreme Management Center 8.4.1.24 Extreme Management Center 8.4.1.24 allows unauthenticated reflected XSS via a parameter in a GET request. network low complexity extremenetworks CWE-79	6.1

Vulnerabilities > Extremenetworks {"@context":"https://schema.org","@type":"BreadcrumbList","itemListElement":[{"@type":"ListItem","position":1,"name":"Vulnerabilities","item":"https://cyber.vumetric.com/vulns/"},{"@type":"ListItem","position":2,"name":"Extremenetworks"}]}

Vulnerabilities > Extremenetworks