CVE-2023-43119
EUVD-2023-4753916.10.2023, 20:15
An Access Control issue discovered in Extreme Networks Switch Engine (EXOS) before 32.5.1.5, also fixed in 22.7, 31.7.2 allows attackers to gain escalated privileges using crafted telnet commands via Redis server.Enginsight
Affected Products (NVD)
| Vendor | Product | Version |
|---|---|---|
| extremenetworks | exos | 𝑥 < 22.7 |
| extremenetworks | exos | 31.7.0 ≤ 𝑥 < 31.7.2 |
| extremenetworks | exos | 32.0 ≤ 𝑥 < 32.5.1.5 |
𝑥
= Vulnerable software versions
Common Weakness Enumeration
- CWE-863 - Incorrect AuthorizationThe software performs an authorization check when an actor attempts to access a resource or perform an action, but it does not correctly perform the check. This allows attackers to bypass intended access restrictions.
- CWE-284 - Improper Access ControlThe software does not restrict or incorrectly restricts access to a resource from an unauthorized actor.