CVE-2018-5797

An issue was discovered in Extreme Networks ExtremeWireless WiNG 5.x before 5.8.6.9 and 5.9.x before 5.9.1.3. There is an Smint_encrypt Hardcoded AES Key that can be used for packet decryption (obtaining cleartext credentials) by an attacker who has access to a wired port.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
7.5 HIGH
ADJACENT_NETWORK
HIGH
NONE
CVSS:3.0/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
mitreCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 6%
VendorProductVersion
extremenetworksextremewireless_wing
5.0 ≤
𝑥
< 5.8.6.9
extremenetworksextremewireless_wing
5.9.0 ≤
𝑥
< 5.9.1.3
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
https://gtacknowledge.extremenetworks.com/articles/Vulnerability_Notice/VN-2018-003
https://gtacknowledge.extremenetworks.com/articles/Vulnerability_Notice/VN-2018-003