CVE-2020-18305

HIGH

Extreme Networks EXOS <v.22.7 & <v.30.2 - Info Disclosure

Title source: llm

Description

Extreme Networks EXOS before v.22.7 and before v.30.2 was discovered to contain an issue in its Web GUI which fails to restrict URL access, allowing attackers to access sensitive information or escalate privileges.

References (1)

Core 1

Core References

Exploit

https://gist.github.com/yasinyilmaz/1fe3fe58dd275edb77dcbe890fce2f2c

Scores

CVSS v3 8.0

EPSS 0.0070

EPSS Percentile 48.5%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment

Exploitation poc

Automatable no

Technical Impact total

Details

CWE

CWE-287

Status published

Products (2)

extremenetworks/extremexos 30.1

extremenetworks/extremexos < 22.7

Published May 14, 2024

Tracked Since Feb 18, 2026