CVE-2023-43120

Published: Oct 16, 2023Modified: Nov 21, 2024

8.8

Vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Exploitability: 2.8 / Impact: 5.9

Source: NVD

Description

An issue discovered in Extreme Networks Switch Engine (EXOS) before 32.5.1.5, before 22.7 and before 31.7.1 allows attackers to gain escalated privileges via crafted HTTP request.

Affected (3)

Products: Extremenetworks: Exos

Extremenetworks

1 product

Exos

Configuration A

3 vulnerable

Vulnerable Software	Affected Versions
Extremenetworks Exos	Before 22.7
Extremenetworks Exos	From 31.0 to 31.7.1
Extremenetworks Exos	From 32.0 to 32.5.1.5

Related CWEs

CWE-269

Improper Privilege Management

The product does not properly assign, modify, track, or check privileges for an actor, creating an unintended sphere of control for that actor.

References (2)

https://extreme-networks.my.site.com/ExtrArticleDetail?an=000114377

Source: cve@mitre.org

Vendor Advisory

https://extreme-networks.my.site.com/ExtrArticleDetail?an=000114377

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

Timeline

No history available yet.