PT-2023-28705 · Extreme Networks · Extreme Networks Switch Engine

David Yesland

Publicado

2023-10-16

Atualizado

2024-09-17

CVE-2023-43120

CVSS v3.1

8.8

Alta

Vetor

AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions Extreme Networks Switch Engine (EXOS) versions prior to 22.7 Extreme Networks Switch Engine (EXOS) versions prior to 31.7.1 Extreme Networks Switch Engine (EXOS) versions prior to 32.5.1.5

Description An issue in Extreme Networks Switch Engine (EXOS) allows attackers to gain escalated privileges via crafted HTTP requests.

Recommendations For versions prior to 22.7, update to version 22.7 or later. For versions prior to 31.7.1, update to version 31.7.1 or later. For versions prior to 32.5.1.5, update to version 32.5.1.5 or later.

Correção

Improper Privilege Management

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-269

Identificadores relacionados

CVE-2023-43120

Produtos afetados

Extreme Networks Switch Engine

PT-2023-28705 · Extreme Networks · Extreme Networks Switch Engine

CVE-2023-43120

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 8