Extremenetworks Extremexos — known CVE vulnerabilities
Every CVE whose affected-product data names Extremenetworks Extremexos, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (8)
CVE-2024-27453 — CVSS 8.6 (high): In Extreme XOS through 22.6.1.4, a read-only user can escalate privileges to root via a crafted HTTP POST request to the python method of…
CVE-2017-14332 — CVSS 8.1 (high): Extreme EXOS 15.7, 16.x, 21.x, and 22.x allows remote attackers to hijack sessions by determining SessionID values.
CVE-2020-18305 — CVSS 8.0 (high): Extreme Networks EXOS before v.22.7 and before v.30.2 was discovered to contain an issue in its Web GUI which fails to restrict URL access…
CVE-2017-14328 — CVSS 7.5 (high): Extreme EXOS 15.7, 16.x, 21.x, and 22.x allows remote attackers to trigger a buffer overflow leading to a reboot.
CVE-2017-14331 — CVSS 6.7 (medium): Extreme EXOS 16.x, 21.x, and 22.x allows administrators to bypass the "exsh restricted shell" protection mechanism and obtain an…
CVE-2017-14329 — CVSS 6.7 (medium): Extreme EXOS 16.x, 21.x, and 22.x allows administrators to obtain a root shell via vectors involving an exsh debug shell.
CVE-2017-14330 — CVSS 6.7 (medium): Extreme EXOS 16.x, 21.x, and 22.x allows administrators to obtain a root shell via vectors involving a privileged process.