PT-2018-17154 · Extreme Networks · Extremewireless Wing

Published

2018-02-05

Updated

2019-10-03

CVE-2018-5797

CVSS v3.1

7.5

High

Vector

AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions: Extreme Networks ExtremeWireless WiNG versions 5.x before 5.8.6.9 Extreme Networks ExtremeWireless WiNG versions 5.9.x before 5.9.1.3

Description: An issue was discovered that involves an Smint encrypt hardcoded AES key. This key can be used by an attacker for packet decryption to obtain cleartext credentials, provided the attacker has access to a wired port.

Recommendations: For Extreme Networks ExtremeWireless WiNG versions 5.x before 5.8.6.9, update to version 5.8.6.9 or later. For Extreme Networks ExtremeWireless WiNG versions 5.9.x before 5.9.1.3, update to version 5.9.1.3 or later.

Fix

Using Hardcoded Credentials

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-798

Related Identifiers

CVE-2018-5797

Affected Products

Extremewireless Wing

PT-2018-17154 · Extreme Networks · Extremewireless Wing

CVE-2018-5797

Weakness Enumeration

Related Identifiers

Affected Products

References · 3