PT-2026-4743 · Extreme Networks · Exos 9300
Published: 2026-01-26 · Updated: 2026-01-26
CVE-2025-59093
CVSS v4.0: 8.5 (High)
Vector: AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Name of the Vulnerable Software and Affected Versions
Exos 9300 (affected versions not specified)
Description
Exos 9300 instances utilize a database password generated from static random values, concatenated with the hostname and a random string readable by any user from the registry. This allows an attacker to derive the database password and gain authenticated access to the central Exos 9300 database as the Exos9300Common user. This user possesses the ExosDialog and ExosDialogDotNet roles, granting read access to most database tables and update/insert privileges to many tables.
Recommendations
At the moment, there is no information about a newer version that contains a fix for this vulnerability.
Weakness Enumeration
Related Identifiers
Affected Products
Exos 9300