Exos
CVEs (8)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2017-14332 | Hig | 0.53 | 8.1 | 0.01 | Oct 23, 2017 | Extreme EXOS 15.7, 16.x, 21.x, and 22.x allows remote attackers to hijack sessions by determining SessionID values. | ||
| CVE-2017-14328 | Hig | 0.49 | 7.5 | 0.01 | Oct 23, 2017 | Extreme EXOS 15.7, 16.x, 21.x, and 22.x allows remote attackers to trigger a buffer overflow leading to a reboot. | ||
| CVE-2017-14331 | Med | 0.44 | 6.7 | 0.00 | Oct 23, 2017 | Extreme EXOS 16.x, 21.x, and 22.x allows administrators to bypass the "exsh restricted shell" protection mechanism and obtain an interactive shell. | ||
| CVE-2017-14330 | Med | 0.44 | 6.7 | 0.00 | Oct 23, 2017 | Extreme EXOS 16.x, 21.x, and 22.x allows administrators to obtain a root shell via vectors involving a privileged process. | ||
| CVE-2017-14329 | Med | 0.44 | 6.7 | 0.00 | Oct 23, 2017 | Extreme EXOS 16.x, 21.x, and 22.x allows administrators to obtain a root shell via vectors involving an exsh debug shell. | ||
| CVE-2017-14327 | Med | 0.29 | 4.4 | 0.00 | Oct 23, 2017 | Extreme EXOS 16.x, 21.x, and 22.x allows administrators to read arbitrary files. | ||
| CVE-2020-18305 | 0.00 | — | 0.01 | May 13, 2024 | Extreme Networks EXOS before v.22.7 and before v.30.2 was discovered to contain an issue in its Web GUI which fails to restrict URL access, allowing attackers to access sensitive information or escalate privileges. | |||
| CVE-2013-7309 | 0.00 | — | 0.01 | Jan 23, 2014 | The OSPF implementation in Extreme Networks EXOS does not consider the possibility of duplicate Link State ID values in Link State Advertisement (LSA) packets before performing operations on the LSA database, which allows remote attackers to cause a denial of service (routing… |
- risk 0.53cvss 8.1epss 0.01
Extreme EXOS 15.7, 16.x, 21.x, and 22.x allows remote attackers to hijack sessions by determining SessionID values.
- risk 0.49cvss 7.5epss 0.01
Extreme EXOS 15.7, 16.x, 21.x, and 22.x allows remote attackers to trigger a buffer overflow leading to a reboot.
- risk 0.44cvss 6.7epss 0.00
Extreme EXOS 16.x, 21.x, and 22.x allows administrators to bypass the "exsh restricted shell" protection mechanism and obtain an interactive shell.
- risk 0.44cvss 6.7epss 0.00
Extreme EXOS 16.x, 21.x, and 22.x allows administrators to obtain a root shell via vectors involving a privileged process.
- risk 0.44cvss 6.7epss 0.00
Extreme EXOS 16.x, 21.x, and 22.x allows administrators to obtain a root shell via vectors involving an exsh debug shell.
- risk 0.29cvss 4.4epss 0.00
Extreme EXOS 16.x, 21.x, and 22.x allows administrators to read arbitrary files.
- CVE-2020-18305May 13, 2024risk 0.00cvss —epss 0.01
Extreme Networks EXOS before v.22.7 and before v.30.2 was discovered to contain an issue in its Web GUI which fails to restrict URL access, allowing attackers to access sensitive information or escalate privileges.
- CVE-2013-7309Jan 23, 2014risk 0.00cvss —epss 0.01
The OSPF implementation in Extreme Networks EXOS does not consider the possibility of duplicate Link State ID values in Link State Advertisement (LSA) packets before performing operations on the LSA database, which allows remote attackers to cause a denial of service (routing…