Extremenetworks Extremexos
8 CVEs affecting Extremenetworks Extremexos. Latest disclosed: 2024-05-14. Critical: 0, High: 4.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
| CVE-2024-27453 | High | 8.6 | 2024-05-03 | In Extreme XOS through 22.6.1.4, a read-only user can escalate privileges to root via a crafted HTTP POST request to the python method of the Machine-to-Machin… |
| CVE-2017-14332 | High | 8.1 | 2017-10-23 | Extreme EXOS 15.7, 16.x, 21.x, and 22.x allows remote attackers to hijack sessions by determining SessionID values. |
| CVE-2020-18305 | High | 8.0 | 2024-05-14 | Extreme Networks EXOS before v.22.7 and before v.30.2 was discovered to contain an issue in its Web GUI which fails to restrict URL access, allowing attackers… |
| CVE-2017-14328 | High | 7.5 | 2017-10-23 | Extreme EXOS 15.7, 16.x, 21.x, and 22.x allows remote attackers to trigger a buffer overflow leading to a reboot. |
| CVE-2017-14331 | Medium | 6.7 | 2017-10-23 | Extreme EXOS 16.x, 21.x, and 22.x allows administrators to bypass the "exsh restricted shell" protection mechanism and obtain an interactive shell. |
| CVE-2017-14330 | Medium | 6.7 | 2017-10-23 | Extreme EXOS 16.x, 21.x, and 22.x allows administrators to obtain a root shell via vectors involving a privileged process. |
| CVE-2017-14329 | Medium | 6.7 | 2017-10-23 | Extreme EXOS 16.x, 21.x, and 22.x allows administrators to obtain a root shell via vectors involving an exsh debug shell. |
| CVE-2017-14327 | Medium | 4.4 | 2017-10-23 | Extreme EXOS 16.x, 21.x, and 22.x allows administrators to read arbitrary files. |