Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
extremenetworks vulnerabilities and exploits
(subscribe to this query)
7.5
CVSSv3
CVE-2023-43121
A Directory Traversal vulnerability discovered in Chalet application in Extreme Networks Switch Engine (EXOS) prior to 32.5.1.5, prior to 22.7, and prior to 31.7.2 allows malicious users to read arbitrary files.
Extremenetworks Exos
NA
CVE-2005-1670
Unknown vulnerability in Extreme BlackDiamond 10808 and 8800 switches running ExtremeWare XOS 11.1 prior to 11.1.3.3, 11.0 prior to 11.0.2.4, and 10.x allows remote authenticated users to execute arbitrary commands.
Extremenetworks Extremeware Xos
8.8
CVSSv3
CVE-2023-43120
An issue discovered in Extreme Networks Switch Engine (EXOS) prior to 32.5.1.5, prior to 22.7 and prior to 31.7.1 allows malicious users to gain escalated privileges via crafted HTTP request.
Extremenetworks Exos
8.8
CVSSv3
CVE-2023-43118
Cross Site Request Forgery (CSRF) vulnerability in Chalet application in Extreme Networks Switch Engine (EXOS) prior to 32.5.1.5, fixed in 31.7.2 and 32.5.1.5 allows malicious users to run arbitrary code and cause other unspecified impacts via /jsonrpc API.
Extremenetworks Exos
9.8
CVSSv3
CVE-2023-43119
An Access Control issue discovered in Extreme Networks Switch Engine (EXOS) prior to 32.5.1.5, also fixed in 22.7, 31.7.2 allows malicious users to gain escalated privileges using crafted telnet commands via Redis server.
Extremenetworks Exos
7.5
CVSSv3
CVE-2018-5787
An issue exists in Extreme Networks ExtremeWireless WiNG 5.x prior to 5.8.6.9 and 5.9.x prior to 5.9.1.3. There is a Remote, Unauthenticated Stack Overflow in the RIM (Radio Interface Module) process running on the WiNG Access Point via crafted packets.
Extremenetworks Extremewireless Wing
7.5
CVSSv3
CVE-2018-5797
An issue exists in Extreme Networks ExtremeWireless WiNG 5.x prior to 5.8.6.9 and 5.9.x prior to 5.9.1.3. There is an Smint_encrypt Hardcoded AES Key that can be used for packet decryption (obtaining cleartext credentials) by an attacker who has access to a wired port.
Extremenetworks Extremewireless Wing
6.1
CVSSv3
CVE-2020-16847
Extreme Analytics in Extreme Management Center prior to 8.5.0.169 allows unauthenticated reflected XSS via a parameter in a GET request, aka CFD-4887.
Extremenetworks Extreme Management Center
6.1
CVSSv3
CVE-2020-13819
Extreme EAC Appliance 8.4.1.24 allows unauthenticated reflected XSS via a parameter in a GET request.
Extremenetworks Extreme Management Center
6.1
CVSSv3
CVE-2020-13820
Extreme Management Center 8.4.1.24 allows unauthenticated reflected XSS via a parameter in a GET request.
Extremenetworks Extreme Management Center 8.4.1.24
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-3661
open redirect
CVE-2024-25512
CVE-2024-33788
command injection
SSTI
CVE-2024-0043
CVE-2024-29210
CVE-2024-25510
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2