Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools

exos

Source -

ADPNVD

CNA CVEs -

0

ADP CVEs -

1

CISA CVEs -

0

NVD CVEs -

5
Related CVEsRelated VendorsRelated AssignersReports
6Vulnerabilities found
CVE-2020-18305
Assigner-MITRE Corporation
ShareView Details
Assigner-MITRE Corporation
CVSS Score-8||HIGH
EPSS-0.34% / 55.70%
||
7 Day CHG~0.00%
Published-13 May, 2024 | 15:43
Updated-11 Jun, 2025 | 14:57
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Extreme Networks EXOS before v.22.7 and before v.30.2 was discovered to contain an issue in its Web GUI which fails to restrict URL access, allowing attackers to access sensitive information or escalate privileges.

Action-Not Available
Vendor-extremenetworksn/aextremenetworks
Product-extremexosn/aexos
CWE ID-CWE-287
Improper Authentication
CVE-2023-43118
Assigner-MITRE Corporation
ShareView Details
Assigner-MITRE Corporation
CVSS Score-8.8||HIGH
EPSS-0.11% / 30.85%
||
7 Day CHG~0.00%
Published-16 Oct, 2023 | 00:00
Updated-17 Sep, 2024 | 16:20
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Cross Site Request Forgery (CSRF) vulnerability in Chalet application in Extreme Networks Switch Engine (EXOS) before 32.5.1.5, fixed in 31.7.2 and 32.5.1.5 allows attackers to run arbitrary code and cause other unspecified impacts via /jsonrpc API.

Action-Not Available
Vendor-extremenetworksn/a
Product-exosn/a
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2023-43119
Assigner-MITRE Corporation
ShareView Details
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-0.37% / 58.23%
||
7 Day CHG~0.00%
Published-16 Oct, 2023 | 00:00
Updated-17 Sep, 2024 | 17:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An Access Control issue discovered in Extreme Networks Switch Engine (EXOS) before 32.5.1.5, also fixed in 22.7, 31.7.2 allows attackers to gain escalated privileges using crafted telnet commands via Redis server.

Action-Not Available
Vendor-extremenetworksn/a
Product-exosn/a
CWE ID-CWE-284
Improper Access Control
CWE ID-CWE-863
Incorrect Authorization
CVE-2023-43120
Assigner-MITRE Corporation
ShareView Details
Assigner-MITRE Corporation
CVSS Score-8.8||HIGH
EPSS-1.59% / 80.90%
||
7 Day CHG~0.00%
Published-16 Oct, 2023 | 00:00
Updated-17 Sep, 2024 | 17:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue discovered in Extreme Networks Switch Engine (EXOS) before 32.5.1.5, before 22.7 and before 31.7.1 allows attackers to gain escalated privileges via crafted HTTP request.

Action-Not Available
Vendor-extremenetworksn/a
Product-exosn/a
CWE ID-CWE-269
Improper Privilege Management
CVE-2023-43121
Assigner-MITRE Corporation
ShareView Details
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-1.40% / 79.66%
||
7 Day CHG~0.00%
Published-16 Oct, 2023 | 00:00
Updated-17 Sep, 2024 | 16:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A Directory Traversal vulnerability discovered in Chalet application in Extreme Networks Switch Engine (EXOS) before 32.5.1.5, before 22.7, and before 31.7.2 allows attackers to read arbitrary files.

Action-Not Available
Vendor-extremenetworksn/a
Product-exosn/a
CWE ID-CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVE-2013-7309
Assigner-MITRE Corporation
ShareView Details
Assigner-MITRE Corporation
CVSS Score-5.4||MEDIUM
EPSS-0.16% / 37.57%
||
7 Day CHG~0.00%
Published-23 Jan, 2014 | 17:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The OSPF implementation in Extreme Networks EXOS does not consider the possibility of duplicate Link State ID values in Link State Advertisement (LSA) packets before performing operations on the LSA database, which allows remote attackers to cause a denial of service (routing disruption) or obtain sensitive packet information via a crafted LSA packet, a related issue to CVE-2013-0149.

Action-Not Available
Vendor-extremenetworksn/a
Product-exosn/a