CVE-2020-18305

EUVD-2020-10232
Extreme Networks EXOS before v.22.7 and before v.30.2 was discovered to contain an issue in its Web GUI which fails to restrict URL access, allowing attackers to access sensitive information or escalate privileges.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
8 HIGH
NETWORK
LOW
LOW
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H
CISA-ADPADP
8 HIGH
NETWORK
LOW
LOW
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H
Base Score
CVSS 3.x
EPSS Score
Percentile: 55%
Affected Products (NVD)
VendorProductVersion
extremenetworksextremexos
𝑥
< 22.7
extremenetworksextremexos
30.1
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
https://gist.github.com/yasinyilmaz/1fe3fe58dd275edb77dcbe890fce2f2c
https://gist.github.com/yasinyilmaz/1fe3fe58dd275edb77dcbe890fce2f2c