PT-2018-17151 · Extreme Networks · Extremewireless Wing

Published

2018-02-05

Updated

2018-02-22

CVE-2018-5794

CVSS v3.1

5.3

Medium

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

Name of the Vulnerable Software and Affected Versions: Extreme Networks ExtremeWireless WiNG versions 5.x before 5.8.6.9 Extreme Networks ExtremeWireless WiNG versions 5.9.x before 5.9.1.3

Description: An issue was discovered where there is no authentication required for the AeroScout Service. This can be exploited via a crafted UDP packet.

Recommendations: For Extreme Networks ExtremeWireless WiNG versions 5.x before 5.8.6.9, update to version 5.8.6.9 or later. For Extreme Networks ExtremeWireless WiNG versions 5.9.x before 5.9.1.3, update to version 5.9.1.3 or later.

Fix

Improper Authentication

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-287

Related Identifiers

CVE-2018-5794

Affected Products

Extremewireless Wing

PT-2018-17151 · Extreme Networks · Extremewireless Wing

CVE-2018-5794

Weakness Enumeration

Related Identifiers

Affected Products

References · 3