PT-2024-10784 · Extreme Networks · Extreme Networks Exos
Yasin Yilmaz
·
Published
2024-05-13
·
Updated
2024-07-03
·
CVE-2020-18305
CVSS v3.1
8.0
High
| Vector | AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H |
Name of the Vulnerable Software and Affected Versions
Extreme Networks EXOS versions prior to 22.7
Extreme Networks EXOS versions prior to 30.2
Description
The issue is related to the Web GUI of Extreme Networks EXOS, which fails to restrict URL access. This allows attackers to access sensitive information or escalate privileges.
Recommendations
For Extreme Networks EXOS versions prior to 22.7, update to version 22.7 or later to resolve the issue.
For Extreme Networks EXOS versions prior to 30.2, update to version 30.2 or later to resolve the issue.
Exploit
Fix
Improper Authentication
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Extreme Networks Exos