extremenetworks CVE 脆弱性と CVE 一覧(30)

製品(CPE): — CVE 件数: 30

extremenetworks 脆弱性概要

extremenetworks 関連製品全体の CVE とセキュリティ脆弱性情報を集約し、CVSS、EPSS、公開日、脆弱性情報データを掲載しています。

公開された問題は vendor risk cross-site scripting、パス処理の欠陥, and バッファオーバーフロー に関連することが多く、vendor surface software deployment and vendor surface production workloads の文脈で ファイル上書き and vendor impact session compromise などの暴露リスクを伴う場合があります。

掲載データは公開脆弱性情報とセキュリティ公告に基づき、過去の暴露面と修補優先度の評価に利用できます。

脆弱性分布の推移(直近24か月)

表示中 120 / 30 CVE 件数
«« 先頭 « 前へ 1 / 2 次へ »
CVE 概要 ソース CVSS 最大値 EPSS(%) 公開 更新
CVE-2026-0689 In ExtremeCloud IQ – Site Engine (XIQ‑SE) before 26.2.10, a vulnerability in the NAC administration interface allows an authenticated NAC administrator to retrieve masked sensitive parameters from HTTP responses. Although credentials appear redacted in the user interface, the application returns the underlying credential values in the HTTP response, enabling an authorized administrator to recover stored secrets that may exceed their intended access. We would like to thank the Lockheed Martin 1c053176-eef3-4d6a-ae0b-24728c86587b 6.0 0.29% 2026-03-02 2026-06-17
CVE-2025-11192 A vulnerability in Extreme Networks’ Fabric Engine (VOSS) before 9.3 was discovered. When SD-WAN AutoSense is enabled on a port, it may automatically configure fabric connectivity without validating ISIS authentication settings. The SD-WAN AutoSense implementation may be exploited by malicious actors by allowing unauthorized access to network fabric and configuration data. 1c053176-eef3-4d6a-ae0b-24728c86587b 8.4 0.33% 2025-10-07 2026-06-17
CVE-2025-8679 In ExtremeGuest Essentials before 25.5.0, captive-portal may permit unauthorized access via manual brute-force procedure. Under certain ExtremeGuest Essentials captive-portal SSID configurations, repeated manual login attempts may allow an unauthenticated device to be marked as authenticated and obtain network access. Client360 logs may display the client MAC as the username despite no MAC-authentication being enabled. 1c053176-eef3-4d6a-ae0b-24728c86587b 7.6 0.32% 2025-10-01 2026-06-17
CVE-2025-6235 In ExtremeControl before 25.5.12, a cross-site scripting (XSS) vulnerability was discovered in a login interface of the affected application. The issue stems from improper handling of user-supplied input within HTML attributes, allowing an attacker to inject script code that may execute in a user's browser under specific interaction conditions. Successful exploitation could lead to exposure of user data or unauthorized actions within the browser context. 1c053176-eef3-4d6a-ae0b-24728c86587b 5.3 0.18% 2025-07-21 2026-06-17
CVE-2025-6083 In ExtremeCloud Universal ZTNA, a syntax error in the 'searchKeyword' condition caused queries to bypass the owner_id filter. This issue may allow users to search data across the entire table instead of being restricted to their specific owner_id. 1c053176-eef3-4d6a-ae0b-24728c86587b 5.2 0.18% 2025-06-13 2026-06-17
CVE-2024-38292 In Extreme Networks XIQ-SE before 24.2.11, due to a missing access control check, a path traversal is possible, which may lead to privilege escalation. [email protected] 9.8 0.49% 2025-02-27 2026-06-17
CVE-2024-38291 In XIQ-SE before 24.2.11, a low-privileged user may be able to access admin passwords, which could lead to privilege escalation. [email protected] 8.8 0.33% 2025-02-27 2026-06-17
CVE-2024-38290 In XIQ-SE before 24.2.11, a server misconfiguration may allow user enumeration when specific conditions are met. [email protected] 5.3 0.31% 2025-02-27 2026-06-17
CVE-2020-18305 Extreme Networks EXOS before v.22.7 and before v.30.2 was discovered to contain an issue in its Web GUI which fails to restrict URL access, allowing attackers to access sensitive information or escalate privileges. [email protected] 8.0 0.70% 2024-05-14 2026-06-16
CVE-2024-27453 In Extreme XOS through 22.6.1.4, a read-only user can escalate privileges to root via a crafted HTTP POST request to the python method of the Machine-to-Machine Interface (MMI). [email protected] 8.6 0.73% 2024-05-03 2026-06-17
CVE-2023-43121 A Directory Traversal vulnerability discovered in Chalet application in Extreme Networks Switch Engine (EXOS) before 32.5.1.5, before 22.7, and before 31.7.2 allows attackers to read arbitrary files. [email protected] 7.5 0.98% 2023-10-16 2026-06-17
CVE-2023-43119 An Access Control issue discovered in Extreme Networks Switch Engine (EXOS) before 32.5.1.5, also fixed in 22.7, 31.7.2 allows attackers to gain escalated privileges using crafted telnet commands via Redis server. [email protected] 9.8 0.61% 2023-10-16 2026-06-17
CVE-2023-43118 Cross Site Request Forgery (CSRF) vulnerability in Chalet application in Extreme Networks Switch Engine (EXOS) before 32.5.1.5, fixed in 31.7.2 and 32.5.1.5 allows attackers to run arbitrary code and cause other unspecified impacts via /jsonrpc API. [email protected] 8.8 0.28% 2023-10-16 2026-06-17
CVE-2023-43120 An issue discovered in Extreme Networks Switch Engine (EXOS) before 32.5.1.5, before 22.7 and before 31.7.1 allows attackers to gain escalated privileges via crafted HTTP request. [email protected] 8.8 0.71% 2023-10-16 2026-06-17
CVE-2023-35803 IQ Engine before 10.6r2 on Extreme Network AP devices has a Buffer Overflow. [email protected] 9.8 1.63% 2023-10-04 2026-06-17
CVE-2023-35802 IQ Engine before 10.6r1 on Extreme Network AP devices has a Buffer Overflow in the implementation of the CAPWAP protocol that may be exploited to obtain elevated privileges to conduct remote code execution. Access to the internal management interface/subnet is required to conduct the exploit. [email protected] 9.8 0.90% 2023-07-14 2026-06-17
CVE-2020-16152 The NetConfig UI administrative interface in Extreme Networks ExtremeWireless Aerohive HiveOS and IQ Engine through 10.0r8a allows attackers to execute PHP code as the root user via remote HTTP requests that insert this code into a log file and then traverse to that file. [email protected] 9.8 35.05% 2021-11-14 2026-06-16
CVE-2020-13819 Extreme EAC Appliance 8.4.1.24 allows unauthenticated reflected XSS via a parameter in a GET request. [email protected] 6.1 0.85% 2020-08-05 2026-06-16
CVE-2020-16847 Extreme Analytics in Extreme Management Center before 8.5.0.169 allows unauthenticated reflected XSS via a parameter in a GET request, aka CFD-4887. [email protected] 6.1 0.65% 2020-08-04 2026-06-16
CVE-2020-13820 Extreme Management Center 8.4.1.24 allows unauthenticated reflected XSS via a parameter in a GET request. [email protected] 6.1 3.46% 2020-08-03 2026-06-16
«« 先頭 « 前へ 1 / 2 次へ »
cvelogic Threat Intelligence