CVE-2023-43119

Name of the Vulnerable Software and Affected Versions Extreme Networks Switch Engine (EXOS) versions prior to 22.7 Extreme Networks Switch Engine (EXOS) versions prior to 31.7.2 Extreme Networks Switch Engine (EXOS) versions prior to 32.5.1.5

Description The issue is related to an Access Control problem in the Extreme Networks Switch Engine (EXOS) software, which can be exploited by attackers to gain escalated privileges. This can be achieved by using crafted telnet commands via the Redis server.

Recommendations For versions prior to 22.7, update to version 22.7 or later to resolve the issue. For versions prior to 31.7.2, update to version 31.7.2 or later to resolve the issue. For versions prior to 32.5.1.5, update to version 32.5.1.5 or later to resolve the issue. As a temporary workaround, consider restricting access to the telnet service and Redis server to minimize the risk of exploitation.