PT-2018-17146 · Extreme Networks · Extremewireless Wing

Published

2018-02-05

Updated

2018-02-22

CVE-2018-5789

CVSS v3.1

7.5

High

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Name of the Vulnerable Software and Affected Versions: Extreme Networks ExtremeWireless WiNG versions 5.x before 5.8.6.9 Extreme Networks ExtremeWireless WiNG versions 5.9.x before 5.9.1.3

Description: An issue was discovered in Extreme Networks ExtremeWireless WiNG, where a Remote, Unauthenticated XML Entity Expansion Denial of Service can occur on the WiNG Access Point / Controller via crafted XML entities to the Web User Interface.

Recommendations: For versions 5.x before 5.8.6.9, update to version 5.8.6.9 or later. For versions 5.9.x before 5.9.1.3, update to version 5.9.1.3 or later.

Fix

XXE

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-611

Related Identifiers

CVE-2018-5789

Affected Products

Extremewireless Wing

PT-2018-17146 · Extreme Networks · Extremewireless Wing

CVE-2018-5789

Weakness Enumeration

Related Identifiers

Affected Products

References · 3