Extremenetworks

All CVEs

43 total · sorted by risk
  • CVE-2023-46271 · Critical · Feb 19, 2025
    risk 0.64 · cvss 9.8 · epss 0.01

    Extreme Networks IQ Engine before 10.6r1a, and through 10.6r4 before 10.6r5, has a buffer overflow. This issue arises from the ah_webui service, which listens on TCP port 3009 by default.

  • CVE-2023-46272 · High · Feb 19, 2025
    risk 0.57 · cvss 8.8 · epss 0.00

    Buffer Overflow vulnerability in Extreme Networks IQ Engine before 10.6r1a, and through 10.6r4 before 10.6r5, allows an attacker to execute arbitrary code via the implementation of the ah_auth service.

  • CVE-2017-14332 · High · Oct 23, 2017
    risk 0.53 · cvss 8.1 · epss 0.01

    Extreme EXOS 15.7, 16.x, 21.x, and 22.x allows remote attackers to hijack sessions by determining SessionID values.

  • CVE-2024-7872 · High · Mar 6, 2025
    risk 0.49 · cvss 7.6 · epss 0.00

    Insertion of Sensitive Information Into Sent Data vulnerability in ExtremePACS Extreme XDS allows Retrieve Embedded Sensitive Data. This issue affects Extreme XDS: before 3933.

  • CVE-2018-5797 · High · Feb 5, 2018
    risk 0.49 · cvss 7.5 · epss 0.00

    An issue was discovered in Extreme Networks ExtremeWireless WiNG 5.x before 5.8.6.9 and 5.9.x before 5.9.1.3. There is an Smint_encrypt Hardcoded AES Key that can be used for packet decryption (obtaining cleartext credentials) by an attacker who has access to a wired port.

  • CVE-2018-5789 · High · Feb 5, 2018
    risk 0.49 · cvss 7.5 · epss 0.01

    An issue was discovered in Extreme Networks ExtremeWireless WiNG 5.x before 5.8.6.9 and 5.9.x before 5.9.1.3. There is a Remote, Unauthenticated XML Entity Expansion Denial of Service on the WiNG Access Point / Controller via crafted XML entities to the Web User Interface.

  • CVE-2018-5788 · High · Feb 5, 2018
    risk 0.49 · cvss 7.5 · epss 0.01

    An issue was discovered in Extreme Networks ExtremeWireless WiNG 5.x before 5.8.6.9 and 5.9.x before 5.9.1.3. There is a Remote, Unauthenticated Denial of Service in the RIM (Radio Interface Module) process running on the WiNG Access Point via crafted packets.

  • CVE-2018-5787 · High · Feb 5, 2018
    risk 0.49 · cvss 7.5 · epss 0.01

    An issue was discovered in Extreme Networks ExtremeWireless WiNG 5.x before 5.8.6.9 and 5.9.x before 5.9.1.3. There is a Remote, Unauthenticated Stack Overflow in the RIM (Radio Interface Module) process running on the WiNG Access Point via crafted packets.

  • CVE-2017-14328 · High · Oct 23, 2017
    risk 0.49 · cvss 7.5 · epss 0.01

    Extreme EXOS 15.7, 16.x, 21.x, and 22.x allows remote attackers to trigger a buffer overflow leading to a reboot.

  • CVE-2018-5796 · High · Feb 5, 2018
    risk 0.47 · cvss 7.2 · epss 0.01

    An issue was discovered in Extreme Networks ExtremeWireless WiNG 5.x before 5.8.6.9 and 5.9.x before 5.9.1.3. There is a Hidden Root Shell by entering the administrator password in conjunction with the 'service start-shell' CLI command.

  • CVE-2017-14331 · Medium · Oct 23, 2017
    risk 0.44 · cvss 6.7 · epss 0.00

    Extreme EXOS 16.x, 21.x, and 22.x allows administrators to bypass the "exsh restricted shell" protection mechanism and obtain an interactive shell.

  • CVE-2017-14330 · Medium · Oct 23, 2017
    risk 0.44 · cvss 6.7 · epss 0.00

    Extreme EXOS 16.x, 21.x, and 22.x allows administrators to obtain a root shell via vectors involving a privileged process.

  • CVE-2017-14329 · Medium · Oct 23, 2017
    risk 0.44 · cvss 6.7 · epss 0.00

    Extreme EXOS 16.x, 21.x, and 22.x allows administrators to obtain a root shell via vectors involving an exsh debug shell.

  • CVE-2026-9831 · Medium · May 29, 2026
    risk 0.41 · cvss 6.3 · epss 0.00

    A race condition in the shared Extreme Platform ONE IAM Gateway API-key authentication path could, under specific high-concurrency traffic conditions, intermittently allow requests authenticated with an Extreme Platform ONE /IAM-issued API key to receive response data for…

  • CVE-2018-5793 · Medium · Feb 5, 2018
    risk 0.38 · cvss 5.9 · epss 0.01

    An issue was discovered in Extreme Networks ExtremeWireless WiNG 5.x before 5.8.6.9 and 5.9.x before 5.9.1.3. There is a Remote, Unauthenticated Heap Overflow in the HSD Process over the MINT (Media Independent Tunnel) Protocol on the WiNG Access Point via crafted packets.

  • CVE-2018-5792 · Medium · Feb 5, 2018
    risk 0.38 · cvss 5.9 · epss 0.01

    An issue was discovered in Extreme Networks ExtremeWireless WiNG 5.x before 5.8.6.9 and 5.9.x before 5.9.1.3. There is a Remote, Unauthenticated Heap Overflow in the HSD Process over the MINT (Media Independent Tunnel) Protocol on the WiNG Access Point via crafted packets.

  • CVE-2018-5791 · Medium · Feb 5, 2018
    risk 0.38 · cvss 5.9 · epss 0.01

    An issue was discovered in Extreme Networks ExtremeWireless WiNG 5.x before 5.8.6.9 and 5.9.x before 5.9.1.3. There is a Remote, Unauthenticated Heap Overflow in the HSD Process over the MINT (Media Independent Tunnel) Protocol on the WiNG Access Point via crafted packets.

  • CVE-2018-5794 · Medium · Feb 5, 2018
    risk 0.35 · cvss 5.3 · epss 0.01

    An issue was discovered in Extreme Networks ExtremeWireless WiNG 5.x before 5.8.6.9 and 5.9.x before 5.9.1.3. There is No Authentication for the AeroScout Service via a crafted UDP packet.

  • CVE-2018-5790 · Medium · Feb 5, 2018
    risk 0.34 · cvss 5.3 · epss 0.00

    An issue was discovered in Extreme Networks ExtremeWireless WiNG 5.x before 5.8.6.9 and 5.9.x before 5.9.1.3. There is Remote, Unauthenticated "Global" Denial of Service in the RIM (Radio Interface Module) over the MINT (Media Independent Tunnel) Protocol on the WiNG Access…

  • CVE-2026-0689 · Medium · Mar 2, 2026
    risk 0.32 · cvss 4.9 · epss 0.00

    In ExtremeCloud IQ – Site Engine (XIQ‑SE) before 26.2.10, a vulnerability in the NAC administration interface allows an authenticated NAC administrator to retrieve masked sensitive parameters from HTTP responses. Although credentials appear redacted in the user interface,…

  • CVE-2018-5795 · Medium · Feb 5, 2018
    risk 0.32 · cvss 4.9 · epss 0.01

    An issue was discovered in Extreme Networks ExtremeWireless WiNG 5.x before 5.8.6.9 and 5.9.x before 5.9.1.3. There is Arbitrary File Write from the WebGUI on the WiNG Access Point / Controller.

  • CVE-2017-14327 · Medium · Oct 23, 2017
    risk 0.29 · cvss 4.4 · epss 0.00

    Extreme EXOS 16.x, 21.x, and 22.x allows administrators to read arbitrary files.

  • CVE-2020-16152 · Nov 14, 2021
    risk 0.10 · cvss · epss 0.35

    The NetConfig UI administrative interface in Extreme Networks ExtremeWireless Aerohive HiveOS and IQ Engine through 10.0r8a allows attackers to execute PHP code as the root user via remote HTTP requests that insert this code into a log file and then traverse to that file.

  • CVE-2008-0767 · Feb 13, 2008
    risk 0.04 · cvss · epss 0.08

    ExtremeZ-IP.exe in ExtremeZ-IP File and Print Server 5.1.2x15 and earlier does not verify that a certain "number of URLs" field is consistent with the packet length, which allows remote attackers to cause a denial of service (daemon crash) via a large integer in this field in a…

  • CVE-2020-13820 · Aug 3, 2020
    risk 0.01 · cvss · epss 0.03

    Extreme Management Center 8.4.1.24 allows unauthenticated reflected XSS via a parameter in a GET request.

  • CVE-2025-11192 · Oct 7, 2025
    risk 0.00 · cvss · epss 0.00

    A vulnerability in Extreme Networks’ Fabric Engine (VOSS) before 9.3 was discovered. When SD-WAN AutoSense is enabled on a port, it may automatically configure fabric connectivity without validating ISIS authentication settings. The SD-WAN AutoSense implementation may be…

  • CVE-2025-6083 · Jun 13, 2025
    risk 0.00 · cvss · epss 0.00

    In ExtremeCloud Universal ZTNA, a syntax error in the 'searchKeyword' condition caused queries to bypass the owner_id filter. This issue may allow users to search data across the entire table instead of being restricted to their specific owner_id.

  • CVE-2024-38292 · Feb 27, 2025
    risk 0.00 · cvss · epss 0.01

    In Extreme Networks XIQ-SE before 24.2.11, due to a missing access control check, a path traversal is possible, which may lead to privilege escalation.

  • CVE-2024-38291 · Feb 27, 2025
    risk 0.00 · cvss · epss 0.00

    In XIQ-SE before 24.2.11, a low-privileged user may be able to access admin passwords, which could lead to privilege escalation.

  • CVE-2023-40457 · Nov 11, 2024
    risk 0.00 · cvss · epss 0.00

    The BGP daemon in Extreme Networks ExtremeXOS (aka EXOS) 30.7.1.1 allows an attacker (who is not on a directly connected network) to cause a denial of service (BGP session reset) because of BGP attribute error mishandling (for attribute 21 and 25). NOTE: the vendor disputes this…

  • CVE-2020-18305 · May 13, 2024
    risk 0.00 · cvss · epss 0.01

    Extreme Networks EXOS before v.22.7 and before v.30.2 was discovered to contain an issue in its Web GUI which fails to restrict URL access, allowing attackers to access sensitive information or escalate privileges.

  • CVE-2024-27453 · May 3, 2024
    risk 0.00 · cvss · epss 0.01

    In Extreme XOS through 22.6.1.4, a read-only user can escalate privileges to root via a crafted HTTP POST request to the python method of the Machine-to-Machine Interface (MMI).

  • CVE-2023-43119 · Oct 16, 2023
    risk 0.00 · cvss · epss 0.01

    An Access Control issue discovered in Extreme Networks Switch Engine (EXOS) before 32.5.1.5, also fixed in 22.7, 31.7.2 allows attackers to gain escalated privileges using crafted telnet commands via Redis server.

  • CVE-2023-43118 · Oct 16, 2023
    risk 0.00 · cvss · epss 0.00

    Cross Site Request Forgery (CSRF) vulnerability in Chalet application in Extreme Networks Switch Engine (EXOS) before 32.5.1.5, fixed in 31.7.2 and 32.5.1.5 allows attackers to run arbitrary code and cause other unspecified impacts via /jsonrpc API.

  • CVE-2023-43120 · Oct 16, 2023
    risk 0.00 · cvss · epss 0.01

    An issue discovered in Extreme Networks Switch Engine (EXOS) before 32.5.1.5, before 22.7 and before 31.7.1 allows attackers to gain escalated privileges via crafted HTTP request.

  • CVE-2023-43121 · Oct 16, 2023
    risk 0.00 · cvss · epss 0.01

    A Directory Traversal vulnerability discovered in Chalet application in Extreme Networks Switch Engine (EXOS) before 32.5.1.5, before 22.7, and before 31.7.2 allows attackers to read arbitrary files.

  • CVE-2023-35803 · Oct 4, 2023
    risk 0.00 · cvss · epss 0.02

    IQ Engine before 10.6r2 on Extreme Network AP devices has a Buffer Overflow.

  • CVE-2023-35802 · Jul 15, 2023
    risk 0.00 · cvss · epss 0.01

    IQ Engine before 10.6r1 on Extreme Network AP devices has a Buffer Overflow in the implementation of the CAPWAP protocol that may be exploited to obtain elevated privileges to conduct remote code execution. Access to the internal management interface/subnet is required to…

  • CVE-2020-13819 · Aug 5, 2020
    risk 0.00 · cvss · epss 0.01

    Extreme EAC Appliance 8.4.1.24 allows unauthenticated reflected XSS via a parameter in a GET request.

  • CVE-2020-16847 · Aug 4, 2020
    risk 0.00 · cvss · epss 0.01

    Extreme Analytics in Extreme Management Center before 8.5.0.169 allows unauthenticated reflected XSS via a parameter in a GET request, aka CFD-4887.

  • CVE-2013-7309 · Jan 23, 2014
    risk 0.00 · cvss · epss 0.01

    The OSPF implementation in Extreme Networks EXOS does not consider the possibility of duplicate Link State ID values in Link State Advertisement (LSA) packets before performing operations on the LSA database, which allows remote attackers to cause a denial of service (routing…

  • CVE-2008-0759 · Feb 13, 2008
    risk 0.00 · cvss · epss 0.02

    ExtremeZ-IP.exe in ExtremeZ-IP File and Print Server 5.1.2x15 and earlier allows remote attackers to cause a denial of service (daemon crash) via an invalid UAM field in a request to the Apple Filing Protocol (AFP) service on TCP port 548.

  • CVE-2005-1670 · May 19, 2005
    risk 0.00 · cvss · epss 0.01

    Unknown vulnerability in Extreme BlackDiamond 10808 and 8800 switches running ExtremeWare XOS 11.1 before 11.1.3.3, 11.0 before 11.0.2.4, and 10.x allows remote authenticated users to execute arbitrary commands.