CVE-2020-18305

Published: May 14, 2024Modified: Jun 11, 2025

8.0

Vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H

Exploitability: 2.1 / Impact: 5.9

Source: 134c704f-9b21-4f2e-91b3-4a467353bcc0 (Secondary)

Description

Extreme Networks EXOS before v.22.7 and before v.30.2 was discovered to contain an issue in its Web GUI which fails to restrict URL access, allowing attackers to access sensitive information or escalate privileges.

Affected (2)

Products: Extremenetworks: Extremexos

Extremenetworks

1 product

Extremexos

Configuration A

2 vulnerable

Vulnerable Software	Affected Versions
Extremenetworks Extremexos	Before 22.7
Extremenetworks Extremexos	Version 30.1

Related CWEs

CWE-287

Improper Authentication

When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct.

References (2)

https://gist.github.com/yasinyilmaz/1fe3fe58dd275edb77dcbe890fce2f2c

Source: cve@mitre.org

Exploit

https://gist.github.com/yasinyilmaz/1fe3fe58dd275edb77dcbe890fce2f2c

Source: af854a3a-2127-422b-91ae-364da2661108

Exploit

Timeline

No history available yet.