CVE-2018-5797

HIGH

ExtremeWireless WiNG 5.x < 5.8.6.9 and 5.9.x < 5.9.1.3 - Hardcoded AES Key Exposure via Smint_encrypt

Title source: llm

Description

An issue was discovered in Extreme Networks ExtremeWireless WiNG 5.x before 5.8.6.9 and 5.9.x before 5.9.1.3. There is an Smint_encrypt Hardcoded AES Key that can be used for packet decryption (obtaining cleartext credentials) by an attacker who has access to a wired port.

References (1)

Core 1

Core References

Mitigation, Vendor Advisory x_refsource_confirm

https://gtacknowledge.extremenetworks.com/articles/Vulnerability_Notice/VN-2018-003

Scores

CVSS v3 7.5

EPSS 0.0047

EPSS Percentile 37.0%

Attack Vector ADJACENT_NETWORK

CVSS:3.0/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

Details

CWE

CWE-798

Status published

Products (1)

extremenetworks/extremewireless_wing 5.0 - 5.8.6.9

Published Feb 05, 2018

Tracked Since Feb 18, 2026